Recommendations for WordPress rules
Posted by Yarden Loumer on 11 January 2012 02:52 PM


All rules below should be manually created under "Custom Rules -> User Defined Request Rules".

 

# WordPress SQL injection

 

Search in: "REQUEST_URI" For pattern: "/index\.php". - Policy taken: "skip"

 

Search in: "PARAMETER_poll|PARAMETER_category|PARAMETER_ctg" For pattern: "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)". - Policy taken: "deny"

 

Search in: "REQUEST_URI" For pattern: "/wp-trackback\.php\?tb_id=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)". - Policy taken: "deny"

(Note the ".*" after "tb_id=": it lets a value such as a post ID precede the SQL keyword. Written as "=*" the rule only matches when the keyword follows the equals sign directly.)

 

Search in: "REQUEST_URI" For pattern: "/wp-trackback\.php". - Policy taken: "skip"

 

Search in: "PARAMETER_tb_id" For pattern: "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)". - Policy taken: "deny"

 

Search in: "REQUEST_URI" For pattern: "/index\.php\?cat=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)". - Policy taken: "deny"

 

Search in: "REQUEST_URI" For pattern: "wp-pass\.php\?_wp_http_referer=". - Policy taken: "deny"

(Underscores and "=" must not be backslash-escaped here: "\w" is the word-character escape and "\h" is not a literal "h", so an escaped form of this pattern never matches the real parameter name.)

 

# WordPress shell injection vulnerability

 

Search in: "REQUEST_URI" For pattern: "/cache/user.*/.*\.php\?cmd=". - Policy taken: "deny"

 

# WordPress "cache_lastpostdate" PHP code insertion prevention

 

Search in: "PARAMETER_cache_lastpostdate" For pattern: "<\?php". - Policy taken: "deny"

 

# WordPress SQL injection and feed path disclosure vulnerability prevention

 

Search in: "REQUEST_URI" For pattern: "/\?feed\=rss2\&p=\-1". - Policy taken: "deny"

 

Search in: "REQUEST_URI" For pattern: "/wp\/WordPress\/\?feed\=rss2\&p=\-1". - Policy taken: "deny"

 

 

 

*** Logging events for each rule is optional; it is up to you to decide. ***
