• Resolved treslabs

    (@treslabs)


    Hi, thanks for a great product and support. I was the person who suggested the blank post request setting. 🙂

    We had a website that was recently hacked that is running Wordfence. For some reason the guy was able to traverse directories in the wp-content folder and put his files everywhere. Is there a setting we missed in WF?

    My suggestion is to add an option for wordpress_logged_in so that hacks are restricted to access via the login creds. I’m not a programmer so I’m not sure if it will truly help but it seems logical.

    Aaron

    <IfModule mod_rewrite.c>
      RewriteEngine On
      # Only requests WITHOUT a wordpress_logged_in cookie are affected
      RewriteCond %{HTTP_COOKIE} !wordpress_logged_in [NC]
      # Capture the install prefix (empty for a root install) so %1 works for both layouts
      RewriteCond %{REQUEST_URI} ^(.*?)/wp-content/uploads/ [NC]
      # Note: this also hides uploads from ordinary anonymous visitors, not just attackers
      RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [R,L,QSA]
    </IfModule>
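This added Python check (mine, not Aaron's or Wordfence's) models the two RewriteConds and the RewriteRule over constructed requests, and contrasts two URI patterns: `^(/.*?)/wp-content/uploads/.*`, which only matches when WordPress lives in a subdirectory, and `^(.*?)/wp-content/uploads/`, which also covers a root install. The host name and cookie values are made up.

```python
import re

# Two candidate patterns for the REQUEST_URI condition. Apache PCRE and Python
# re agree on these simple constructs. [NC] in Apache maps to re.IGNORECASE.
SUBDIR_ONLY_URI_RE = r"^(/.*?)/wp-content/uploads/.*"   # needs a leading "/subdir"
ANY_PREFIX_URI_RE = r"^(.*?)/wp-content/uploads/"       # prefix may be empty
COOKIE_RE = r"wordpress_logged_in"


def rewrite_target(cookie, uri, host="example.com", uri_re=ANY_PREFIX_URI_RE):
    """Return the redirect URL the rules would issue, or None if the request is left alone.

    Models:  RewriteCond %{HTTP_COOKIE} !wordpress_logged_in [NC]
             RewriteCond %{REQUEST_URI} <uri_re> [NC]
             RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI}
    An absent Cookie header is an empty string in Apache, so the negated cond is true.
    """
    if re.search(COOKIE_RE, cookie or "", re.IGNORECASE):
        return None  # logged-in cookie present: first RewriteCond fails
    m = re.match(uri_re, uri, re.IGNORECASE)
    if not m:
        return None  # not an uploads path: second RewriteCond fails
    prefix = m.group(1)  # this is %1 in the RewriteRule
    return f"http://{host}{prefix}/wp-login.php?redirect_to={uri}"


def check_cases(uri_re):
    """Run constructed requests through the model; returns {label: redirected?}."""
    cases = {  # (Cookie header, REQUEST_URI) pairs, all constructed for this example
        "root_anon": ("", "/wp-content/uploads/2023/report.pdf"),
        "subdir_anon": ("", "/blog/wp-content/uploads/2023/report.pdf"),
        "root_auth": ("wordpress_logged_in_abc=user%7Cexampletoken; wp-settings-1=x",
                      "/wp-content/uploads/2023/report.pdf"),
        "theme_anon": ("", "/wp-content/themes/x/style.css"),
    }
    return {label: rewrite_target(c, u, uri_re=uri_re) is not None
            for label, (c, u) in cases.items()}
```

Running `check_cases` with each pattern shows that the subdirectory-only form silently leaves a root install's uploads unprotected, while both forms correctly skip logged-in users and non-upload paths.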
Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @treslabs, glad to hear you’ve been enjoying Wordfence and are an active customer in helping us improve security for all WordPress users!

    There are “Directory Traversal” rules enabled by default in Wordfence > All Options > Advanced Firewall Options > Rules. However, if a person or bot was able to write files rather than just traverse the directories with view permissions from a browser, another attack vector may have been used. There are naturally methods outside of WordPress that we don’t control like database passwords, cPanel access and FTP credentials so as a rule, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database if they haven’t already.

    Were you running the latest version of Wordfence, other plugins, and your theme at the time of the incident?

    Many thanks,
    Peter.


The topic ‘wordpress_logged_in’ is closed to new replies.