securityisimportant

[securityisimportant]

However, I am still getting these
IP: 74.208.183.74 (74.208.183.74)
User ID:
Date: 2017-11-22T16:02:55+00:00
Total Impact: 30
Affected tags: dt id lfi

Affected parameters: REQUEST.img=..%2Fwp-config.php, GET.img=..%2Fwp-config.php,

Request URI: /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

Any suggestions on how to harden against these kind of attack vectors?
Thank you

[securityisimportant]

Yea I just found that option in your plugin to disable access for non-logged in users. That seems to have made a big difference in the login attempts

[securityisimportant]

And to make matters worse,
there’s an automatic redirect to the “hidden” URL to login when going to ANY wordpress admin panel link such as
https://funwithnerds.com/wp-admin/

[securityisimportant]

Yet I’m still getting login attempts every few minutes to every minute with checking service apache2 status

[securityisimportant]

I also have cloudflare in “I’m under attack” mode on all my sites.
And the droplet IP address is the “root” site for the network so doesn’t benefit from cloudflare protections.
I would like to protect the root site completely.. and then block any and all access to any wordpress login method that these hackers use. SO that only I can login.

[Author]

Posts