WordPress XML-RPC BruteForce

Discussion in 'Инструменты' started by proexp, 18 Aug 2016.

  1. pas9x

    pas9x Elder - Старейшина

    Joined:
    13 Oct 2012
    Messages:
    428
    Likes Received:
    579
    Reputations:
    52
    Вот почему всегда надо делать это:

    ngx:
    Code:
    location ~ \/(wp-blog-header|wp-activate|wp-config|wp-config-sample|wp-links-opml|wp-load|wp-mail|wp-settings|wp-signup|wp-trackback|xmlrpc)\.php {
    deny all;
    }
    a patchy:
    Code:
    <Files xmlrpc.php>
    deny from all
    </Files>
    Этот xmlrpc никому с роду не нужен а проблем от него хренова гора.

    А ещё можно делать так:
    Code:
    location ~ \/(wp-includes|wp-admin|phpinfo\.php) {
    location ~\.(css|js|swf|png|gif|jpe?g|svg) {
    }
    location ~ .* {
    auth_basic "Zone 51";
    auth_basic_user_file /path/to/htpasswd;
    location ~ \.php$ {
    ...php config...
    }
    }
    }
    
    и тогда твой сайт вообще непохек.
     
    3Mind likes this.
  2. dastok

    dastok Banned

    Joined:
    20 Oct 2013
    Messages:
    0
    Likes Received:
    2
    Reputations:
    0
    ....
     
    #3 dastok, 7 Feb 2017
    Last edited: 21 Dec 2017
Loading...
Similar Threads - WordPress BruteForce
  1. Crot83
    Replies:
    0
    Views:
    2,588
  2. FoXuk
    Replies:
    38
    Views:
    74,949