hocam eger serverin nginx ise,

bu direktifleri direkt nginx server blockuna ekle,

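# Deny direct execution of PHP files under wp-content and wp-includes.
# A prefix-wide "deny all" on these two trees would also block the CSS, JS,
# fonts and images WordPress serves from them (themes, plugins, uploads,
# wp-includes/js), so only *.php is denied.  The WordPress directory is
# "wp-includes" (plural); "wp-include/" is not a WordPress path and a rule
# on it matches nothing.
# Regex locations are tried in the order written and the first match wins,
# so keep these ahead of the generic "location ~ \.php$" handler.
# NOTE(review): a plugin that is called directly through its own .php file
# under wp-content/plugins will need an explicit exception — verify.
location ~* ^/wp-content/.*\.php$ { deny all; access_log off; }
location ~* ^/wp-includes/.*\.php$ { deny all; access_log off; }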

wp-login ve xmlrpc'ye ne yapacagim dersen rate limit ekleyebilirsin. Bu direktiflerin anlami su: 5 saniye ust uste bruteforce yapmaya calisan ya da xmlrpc'ye ping atmaya calisan olursa nginx, server tarafinda dogrudan 444 ile yanit verecektir (nginx'te 444 baglantiyi yanitsiz kapatir). Dolayisiyla server bazinda oldugu icin daha hizli calisir ve server kaynagini yemez.

# Rate-limit the login form at the nginx layer so repeated attempts are
# dropped before they reach PHP-FPM.  "zone=one" refers to a limit_req_zone
# that must be declared in the http{} block; it is not part of this snippet,
# and nginx will not load the configuration until it exists (the zone's rate
# is what burst=2 is measured against; "nodelay" serves the burst at once and
# rejects the rest).  limit_req_status 444 makes nginx close the connection
# without a response instead of the default 503.
# NOTE(review): if this server sits behind a proxy or CDN, the zone has to be
# keyed on the real client address, otherwise every visitor shares one
# limit — confirm how the zone is defined.
location = /wp-login.php {
limit_req zone=one burst=2 nodelay;
limit_req_status 444;
# Normal PHP handling; presumably the same includes as the site's generic
# .php location (their contents are not shown here).
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
include /etc/nginx/global/fastcgi_optimize.conf;
}


# Same throttle for XML-RPC, which is a common target for login floods and
# pingback abuse.  Shares "zone=one" with wp-login.php (declared elsewhere,
# via limit_req_zone in the http{} block); 444 drops the connection silently.
# NOTE(review): if nothing on the site needs XML-RPC — the jetpack-sso
# exemption later in this snippet suggests Jetpack may — a plain
# "deny all;" here is simpler than rate limiting.  Confirm before changing.
location = /xmlrpc.php {
limit_req zone=one burst=2 nodelay;
limit_req_status 444;
# Normal PHP handling for requests that pass the limit.
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
include /etc/nginx/global/fastcgi_optimize.conf;
}


daha fazla guvenlik istiyorsan bunlari ekle; bi allahin kulu ne hackleyebilir ne de girebilir.

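##
# Prevent access to hidden files
##

# Denies dotfiles and dot-directories (.git, .env, .htaccess, ...) while
# leaving /.well-known/ reachable for ACME HTTP-01 challenges.  The dot is
# escaped on purpose: unescaped, "/." means "/" followed by any character,
# which is nearly every URI, and the rule would deny the whole site.
# Access logging is deliberately left on so probes for these paths stay
# visible in the logs.
location ~* /\.(?!well-known/) {
deny all;
}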
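##
# Prevent access to certain file extensions
##

# Config, log and template files must never be served as static content.
# The dots are escaped so ".ini" matches a literal extension rather than
# "any character + ini" (which would also hit paths such as /admini).
# "~" is case-sensitive, so .INI or .LOG are not covered.  "blade.php" is a
# Laravel template suffix; it is harmless to keep on a WordPress site.
location ~ \.(ini|log|conf|blade\.php)$ {
deny all;
}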

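###
# Extra Directory and file protection
###

# Dots are escaped so the extension is matched literally.  "location ="
# rules are exact matches and take precedence over every regex location;
# the regex rules are tried in the order written.
# NOTE(review): the wp-config.php rule is an exact match only, so editor
# backups such as wp-config.php~ or wp-config.php.bak would still be served
# as plain text if they exist on disk — consider a regex rule, or keep such
# files out of the web root.
location = /wp-admin/install.php { deny all; access_log off; }
location ~* /readme\.html$ { deny all; access_log off; }
location ~* /readme\.txt$ { deny all; access_log off; }
location ~* /licence\.txt$ { deny all; access_log off; }
location ~* /license\.txt$ { deny all; access_log off; }
location = /wp-config.php { deny all; access_log off; }
location ~ ^/wp-admin/includes/ { deny all; access_log off; }
location ~ ^/wp-includes/[^/]+\.php$ { deny all; access_log off; }
location ~ ^/wp-includes/js/tinymce/langs/.+\.php$ { deny all; access_log off; }
location ~ ^/wp-includes/theme-compat/ { deny all; access_log off; }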

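###
# Disable PHP in Uploads Plugins and Theme Directories
###

# Stops uploaded or dropped scripts from being executed.  The extension
# group is a non-capturing "(?:php[1-7]?|pht|phtml?|phps)" so the alternate
# suffixes (.php5, .pht, .phtml, .phps) that a PHP handler may also pick up
# are covered; written as "(?hp..." PCRE rejects the pattern and nginx
# refuses to start.  Keep these ahead of the generic "location ~ \.php$".
# NOTE(review): a plugin that is called directly through its own .php file
# will need an explicit exception — verify against the installed plugins.
location ~* ^/wp-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)$ { deny all; }
location ~* ^/wp-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)$ { deny all; }
location ~* ^/wp-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)$ { deny all; }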

###
# Filter Request Methods
###

# Reject TRACE/TRACK (cross-site tracing) and DELETE outright.  The match is
# case-insensitive and anchored to the whole method name; the pattern is
# quoted for readability only.
# NOTE(review): the WordPress REST API accepts DELETE for some resources;
# confirm nothing on this site relies on it before keeping DELETE in the list.
if ( $request_method ~* "^(TRACK|TRACE|DELETE)$" ) { return 403; }

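###
# Filter Suspicious Query Strings in the URL
###

# Each rule only sets a flag and the single "return 403" at the end acts on
# it, which is the safe way to use "if" at server level.  Matching is
# case-insensitive (~*).  Dots and parentheses are escaped: an unescaped "."
# matches any character (so "../" would flag any "xx/" in the arguments),
# and an unescaped "(" is an unterminated group that stops nginx from
# loading the configuration at all.
set $susquery 0;
if ( $args ~* "\.\./" ) { set $susquery 1; }
if ( $args ~* "\.(bash|git|hg|log|svn|swp|cvs)" ) { set $susquery 1; }
if ( $args ~* "etc/passwd" ) { set $susquery 1; }
if ( $args ~* "boot\.ini" ) { set $susquery 1; }
if ( $args ~* "ftp:" ) { set $susquery 1; }
if ( $args ~* "(<|%3C)script(>|%3E)" ) { set $susquery 1; }
if ( $args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)" ) { set $susquery 1; }
if ( $args ~* "base64_decode\(" ) { set $susquery 1; }
if ( $args ~* "%24&x" ) { set $susquery 1; }
if ( $args ~* "127\.0" ) { set $susquery 1; }
# NOTE(review): the two word lists below are broad ("request", "union",
# "encode", ...) and will 403 ordinary searches such as ?s=union+station —
# confirm that is acceptable for this site.
if ( $args ~* "(globals|encode|localhost|loopback)" ) { set $susquery 1; }
if ( $args ~* "(request|insert|concat|union|declare)" ) { set $susquery 1; }
if ( $args ~* "%[01][0-9A-F]" ) { set $susquery 1; }
# Exemptions for known WordPress flows.  Cookie and Referer are supplied by
# the client, so the last two are convenience exemptions, not an
# authentication check: the filter above is best-effort noise reduction,
# not a substitute for input handling in the application.
if ( $args ~ "^loggedout=true" ) { set $susquery 0; }
if ( $args ~ "^action=jetpack-sso" ) { set $susquery 0; }
if ( $args ~ "^action=rp" ) { set $susquery 0; }
if ( $http_cookie ~ "wordpress_logged_in_" ) { set $susquery 0; }
if ( $http_referer ~* "^https?://maps\.googleapis\.com/" ) { set $susquery 0; }
if ( $susquery = 1 ) { return 403; }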


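###
# Deny access to wp-content folders
###

# Archives and exports left under wp-content are typically stale backups or
# plugin exports that leak site data.  The dot is escaped so the extension
# is matched literally; the redundant capture groups are dropped, the set of
# matched URIs is unchanged.
# NOTE(review): "bzip2" matches files literally named *.bzip2; the usual
# suffix is *.bz2, which this rule does not cover — confirm the intent.
# The second rule appears to be the working directory of an import/export
# plugin; keep it if that plugin is installed.
location ~* ^/wp-content/.*\.(zip|gz|tar|csv|bzip2|7z)$ { deny all; access_log off; }
location ~ ^/wp-content/webtoffee_import { deny all; access_log off; }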

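###
# SQL INJECTIONS
###

# Crude keyword heuristics on the raw query string.  The parentheses are
# escaped: an unescaped "(" is an unterminated group, and nginx will not
# load the configuration at all.  Matching is case-sensitive ("~"), so
# upper-case variants are not caught; expect false positives on searches
# that contain these words.  This is a speed bump for automated scanners,
# not a substitute for input handling in the application.
set $block_sql_injections 0;

if ($query_string ~ "union.*select.*\(") {
set $block_sql_injections 1;
}
if ($query_string ~ "union.*all.*select.*") {
set $block_sql_injections 1;
}
if ($query_string ~ "concat.*\(") {
set $block_sql_injections 1;
}
if ($block_sql_injections = 1) {
return 403;
}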

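###
# FILE INJECTION
###

# Flags "param=http://..." (remote include), "param=../.." (traversal) and
# "param=/abs/olute/path" shapes.  The dots in the traversal rule are escaped
# so they match two literal dots instead of any two characters.
# NOTE(review): WordPress itself issues URLs such as
# wp-login.php?redirect_to=http://<site>/... ; on a plain-http site the first
# rule will 403 those — confirm before enabling.
set $block_file_injections 0;

if ($query_string ~ "[a-zA-Z0-9_]=http://") {
set $block_file_injections 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
set $block_file_injections 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
set $block_file_injections 1;
}
if ($block_file_injections = 1) {
return 403;
}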

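###
# COMMON EXPLOITS
###

# Classic scanner signatures (script tags, PHP superglobal overrides,
# proc/self/environ, mosConfig, base64 helpers).  "\[" is escaped: unescaped
# it opened a character class and the alternation no longer meant
# "GLOBALS=" / "GLOBALS[" / "GLOBALS%xx".  Matching is case-sensitive ("~").
set $block_common_exploits 0;

if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
set $block_common_exploits 1;
}
if ($query_string ~ "GLOBALS(=|\[|%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "_REQUEST(=|\[|%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "proc/self/environ") {
set $block_common_exploits 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") {
set $block_common_exploits 1;
}
if ($query_string ~ "base64_(en|de)code(.*)") {
set $block_common_exploits 1;
}
if ($block_common_exploits = 1) {
return 403;
}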

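###
# BLOCK SPAM
###

# Comment-spam keyword list.  The word boundaries are "\b": written as a
# bare "b" the rules only matched words wrapped in the letter b and so never
# fired.  Matching is case-sensitive ("~"), so "Viagra" passes; use ~* if
# that is not intended.  The word lists are kept as given.
set $block_spam 0;

if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypx aieo)\b") {
set $block_spam 1;
}
if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levi tra|libido)\b") {
set $block_spam 1;
}
if ($query_string ~ "\b(ambien|bluespill|cialis|cocaine|ejaculation|ere ctile)\b") {
set $block_spam 1;
}
if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
set $block_spam 1;
}
if ($block_spam = 1) {
return 403;
}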

###
# BLOCK USER AGENTS
###

# The same literal, case-sensitive, unanchored substring list, collapsed
# into a single alternation so one "if" sets the flag.  None of the names
# contain regex metacharacters, so the set of matched agents is unchanged.
# "SF" is a two-letter substring and the entry most likely to hit a
# legitimate agent string.  User-Agent is client-supplied, so this is a
# nuisance filter for noisy scanners, not a security boundary; the deny
# rules and rate limits above are what actually protect the site.
set $block_user_agents 0;

if ($http_user_agent ~ "(Indy Library|libwww-perl|GetRight|GetWeb!|Go!Zilla|Download Demon|Go-Ahead-Got-It|TurnitinBot|GrabNet|dirbuster|nikto|SF|sqlmap|fimap|nessus|whatweb|Openvas|jbrofuzz|libwhisker|webshag|Acunetix-Product|Acunetix)") {
set $block_user_agents 1;
}
if ($block_user_agents = 1) {
return 403;
}