mod_security: This Is How We Protect WordPress, Joomla! and Other WCMS and Plugins

Attacks on popular applications/WCMS (web content management systems) and plugins are commonplace today. Security holes in widely used systems and plugins in particular are aggressively exploited.

There are good ways to protect your website. The effort you have to invest is minimal – this is what you should do:

  1. Keep your WCMS up to date
  2. Keep your plugins, extensions and themes up to date
  3. Use only the plugins and extensions that you need. Remove plugins that you are not actively using. Less is more.
  4. Protect your admin area with two-factor authentication. You can choose a hardware solution (YubiKey) or a software one (Google Authenticator).

This is how we protect your website in 1&1 Web Hosting (Shared Hosting)

Today I had an interesting conversation with Georg, one of our security experts from the Shared Hosting IT Operations team (responsible for the daily operations in our company).

Georg and his colleagues monitor external sources such as seclists.org, oss-security, Exploit Database, Metasploit and various other security and WordPress blogs. Internally, we constantly analyze our web hosting systems so that we can quickly identify attack vectors and prevent attacks.

[Image: a selection of external sources that provide valuable information in attractive designs]

If exploits or security holes emerge, we create rules for our Apache web servers that block these exploits in a targeted manner. The individual rules and the rule set as a whole are managed in the mod_security module.

For example, with server-side rules we protect you from:

  • SQL injection
  • Remote file include
  • Local file include
  • XSS (cross-site scripting)
  • Or more generally: security holes in popular plugins and WCMS

We do not use a standard rule set for this purpose; we actively create and maintain our own. This way, we tailor our rules to your needs and applications.

Our goal is to offer you the best possible protection while maintaining high performance.

This means that we examine and evaluate our rule set at fixed intervals and, where appropriate, disable rules for exploits that have already been fixed by the developer of the affected plugin or WCMS and thus can no longer be used for an attack.

Important: Even if we always react as quickly as possible, with the mod_security rules we cannot guarantee you 100% protection against all exploits (e.g. zero-day exploits) in all WCMS and plugins.

What we can do is: work together on the security of our systems and your applications (see above: This is what you should do…).

Can mod_security rules lead to problems with plugins or extensions?

Occasionally, mod_security rules block functions that a plugin requires. We activate these rules anyway, because at that moment we regard the security and availability of your applications as more important than the full functionality of a plugin.

HTTP 503 messages may indicate a conflict with mod_security. So if you have problems with a plugin, an extension or the like, please contact our support. Our support team is informed about active mod_security rules and can pass your feedback on to IT Operations.
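As an added illustration of the rule lifecycle described above (not 1&1's actual rule set): a targeted rule for a single plugin endpoint that answers with HTTP 503, audit logging that makes such blocks traceable, and the directive that retires the rule once the plugin has been fixed. The plugin path, parameter name, rule id and log path are hypothetical.

```apache
# Constructed example. Plugin path, parameter name, rule id and log path
# are hypothetical and only illustrate the structure of a targeted rule.
<IfModule security2_module>
    SecRuleEngine On

    # Record every request that ModSecurity answers with 503, so that a
    # customer report ("my plugin returns 503") can be matched to a rule id.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^503$"
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Targeted "virtual patch" for a local file include: the rule only
    # applies to one endpoint of one plugin and only inspects the one
    # parameter that the unpatched plugin passes to the file system.
    # Scoping it this narrowly keeps the performance cost and the chance
    # of blocking legitimate plugin functions low.
    SecRule REQUEST_FILENAME "@endsWith /wp-content/plugins/example-gallery/download.php" \
        "id:1000101,\
        phase:2,\
        deny,\
        status:503,\
        log,\
        msg:'Virtual patch: local file include in example-gallery',\
        chain"
        # Block directory traversal sequences and absolute paths.
        # urlDecodeUni catches values that were URL-encoded a second time.
        SecRule ARGS:file "@rx (?:\.\./|^/)" \
            "t:urlDecodeUni"

    # Retirement: once the plugin developer has shipped a fix and the
    # periodic review confirms the rule is no longer needed, disable it.
    # The directive must come after the rule it removes.
    # SecRuleRemoveById 1000101
</IfModule>
```

The rule id written to the audit log is the piece of information support needs in order to tell a rule conflict apart from an unrelated 503.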
