Mod Security WP rulset

Our serverside rule set is based on OWASP.

Below you will see base Rule Sets for all sites located on the server (Optionally you can change the default behavior as described in the 01_SETUP.conf file:):

SecAction "phase:1,id:22000000,nolog,pass,t:none,setvar:tx.wprs_client_ip=%{REMOTE_ADDR}"
SecAction "id:22000004,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_bruteforce=1"
SecAction "id:22000005,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_timespan=120"
SecAction "id:22000010,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_threshold=5"
SecAction "id:22000015,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_banperiod=300"
SecAction "id:22000020,phase:1,nolog,pass,t:none,setvar:tx.wprs_log_authentications=1"
SecAction "id:22000025,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_xmlrpc=0"
SecAction "id:22000030,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_user_enumeration=0"

Additionally, you will find the Core Rule Set here.

The sites are hardening to block access to sensitive folders so if you encounter issues with uploads or access to any files on the site, please reach out to an admin.

Getting Started

Theme Options

Plugin Customization

Breakdance Editor

Plesk

Security

Footer

Subscriptions

Acronis Backup

React

Square

Linux Server

Mod Security WP rulset

What are your feelings

Cpanel account request

Employee Plugin Request