<center id="ium6c"><wbr id="ium6c"></wbr></center>
<menu id="ium6c"></menu>
<code id="ium6c"><small id="ium6c"></small></code>
<center id="ium6c"></center>
<center id="ium6c"></center>
<noscript id="ium6c"><wbr id="ium6c"></wbr></noscript>
<center id="ium6c"><div id="ium6c"></div></center>
managed wordpress hosting

4 must have firewall rules for WordPress


On 06-11-2020 articles, code, wordpress

So many bots scanning your server even if you aren’t WordPress but if you are running WordPress here are 4 must have rules to help block attacks and save server bandwidth.

First you need to rename your login url. A plugin will handle this for you, I recommend iTheme Security. The free version works fine.

Second you need to sign up for cloudflare, again free account works fine here.

Once those two things are done and configured. Go into the fire wall rules and you get 5 free rules with their free plan.

Block xmlrpc (if you use an app or plugin that needs this you can set the IP to have access which this rule will need adjusted)

(http.request.uri.path contains "xmlrpc.php")

Block login page (now that you have renamed it)

(http.request.uri.path eq "/wp-login.php" and not http.request.uri.query contains "itsec-hb-token")

Block remote comments

(http.request.uri.path eq "/wp-comments-post.php" and http.request.method eq "POST" and not http.referer contains "webbernaut.com")

Block plugin scans (change to your domain)

(http.request.uri.path contains "/wp-content/plugins/" and not http.referer contains "yourdomain.com" and not cf.client.bot)
天天干AV在线视频