Author Topic: Enable Mod_Security for Wordpress  (Read 35314 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Enable Mod_Security for Wordpress
« on: December 14, 2015, 02:41:42 AM »
Hi
I am deploy Wordpress 4 and Enable Mod_Security

When I am login to admin (Wordpress 4), there are error like show below:
 
Forbidden
You don't have permission to access /wp-admin/admin.php on this server.
Please help to fix the issue

Yaya

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #1 on: December 14, 2015, 07:20:37 PM »
you should check and whitelist mod_security rule blocking you in mod security configuration in cwp.
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #2 on: December 15, 2015, 07:59:39 AM »
you should check and whitelist mod_security rule blocking you in mod security configuration in cwp.

could you please show whitelist rules?

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #3 on: December 16, 2015, 07:19:32 PM »
Take a look at this thread on wordpress.org, some rules listed for the script and various plugins.

https://wordpress.org/support/topic/mod_security-for-wordpress

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #4 on: December 22, 2015, 03:25:01 AM »
Security -> mod_security -> Disabled rules link. Replace contents with these (should work with Jetpack, Google Sitemap, Google Adsense, and W3 total cache plugins):

## Rules for the CWP ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 959151
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ## ########################################
## Joomla ##
SecRuleRemoveById 950120
SecRuleRemoveById 950901
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973338
SecRuleRemoveById 981173
SecRuleRemoveById 981245
SecRuleRemoveById 981257
## Wordpress ##
SecRuleRemoveById 950007
SecRuleRemoveById 950010
SecRuleRemoveById 950911
SecRuleRemoveById 958005
SecRuleRemoveById 958006
SecRuleRemoveById 958030
SecRuleRemoveById 958049
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959073
SecRuleRemoveById 960020
SecRuleRemoveById 973308
SecRuleRemoveById 973309
SecRuleRemoveById 973314
SecRuleRemoveById 973327
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 981004
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981246
SecRuleRemoveById 981320
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950109
SecRuleRemoveById 950922
SecRuleRemoveById 981000
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #5 on: November 24, 2016, 05:20:55 AM »
Security -> mod_security -> Disabled rules link. Replace contents with these (should work with Jetpack, Google Sitemap, Google Adsense, and W3 total cache plugins):

## Rules for the CWP ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 959151
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ## ########################################
## Joomla ##
SecRuleRemoveById 950120
SecRuleRemoveById 950901
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973338
SecRuleRemoveById 981173
SecRuleRemoveById 981245
SecRuleRemoveById 981257
## Wordpress ##
SecRuleRemoveById 950007
SecRuleRemoveById 950010
SecRuleRemoveById 950911
SecRuleRemoveById 958005
SecRuleRemoveById 958006
SecRuleRemoveById 958030
SecRuleRemoveById 958049
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959073
SecRuleRemoveById 960020
SecRuleRemoveById 973308
SecRuleRemoveById 973309
SecRuleRemoveById 973314
SecRuleRemoveById 973327
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 981004
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981246
SecRuleRemoveById 981320
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950109
SecRuleRemoveById 950922
SecRuleRemoveById 981000
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901


Works for me in WordPress 3.7.1

Thx!

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #6 on: December 31, 2016, 02:24:50 PM »
Good wordpress modsecurity rules from Malware Experts - https://malware.expert


Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #7 on: January 12, 2017, 06:19:22 PM »
Would this work for a newer version of wordpress ?  Also how does this work https://configserver.com  Is it the same ?  And if you dont do this will it make the wordpres site vulnerable it mod security wasnt on ?

Security -> mod_security -> Disabled rules link. Replace contents with these (should work with Jetpack, Google Sitemap, Google Adsense, and W3 total cache plugins):

## Rules for the CWP ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 959151
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ## ########################################
## Joomla ##
SecRuleRemoveById 950120
SecRuleRemoveById 950901
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973338
SecRuleRemoveById 981173
SecRuleRemoveById 981245
SecRuleRemoveById 981257
## Wordpress ##
SecRuleRemoveById 950007
SecRuleRemoveById 950010
SecRuleRemoveById 950911
SecRuleRemoveById 958005
SecRuleRemoveById 958006
SecRuleRemoveById 958030
SecRuleRemoveById 958049
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959073
SecRuleRemoveById 960020
SecRuleRemoveById 973308
SecRuleRemoveById 973309
SecRuleRemoveById 973314
SecRuleRemoveById 973327
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 981004
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981246
SecRuleRemoveById 981320
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950109
SecRuleRemoveById 950922
SecRuleRemoveById 981000
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901


Works for me in WordPress 3.7.1

Thx!

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #8 on: January 17, 2017, 04:51:36 PM »
anyone ?

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #9 on: January 18, 2017, 06:41:25 AM »
you should use Comodo WAF as it has the latest rules with autoupdates and they are much easier then others.
CSF is operating system firewall means it protects your system from hacking
WAF/ModSecurity is application firewall means it protects your script from hacking
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #10 on: April 20, 2018, 03:19:57 PM »
Security -> mod_security -> Disabled rules link. Replace contents with these (should work with Jetpack, Google Sitemap, Google Adsense, and W3 total cache plugins):

## Rules for the CWP ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 959151
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ## ########################################
## Joomla ##
SecRuleRemoveById 950120
SecRuleRemoveById 950901
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973338
SecRuleRemoveById 981173
SecRuleRemoveById 981245
SecRuleRemoveById 981257
## Wordpress ##
SecRuleRemoveById 950007
SecRuleRemoveById 950010
SecRuleRemoveById 950911
SecRuleRemoveById 958005
SecRuleRemoveById 958006
SecRuleRemoveById 958030
SecRuleRemoveById 958049
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959073
SecRuleRemoveById 960020
SecRuleRemoveById 973308
SecRuleRemoveById 973309
SecRuleRemoveById 973314
SecRuleRemoveById 973327
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 981004
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981246
SecRuleRemoveById 981320
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950109
SecRuleRemoveById 950922
SecRuleRemoveById 981000
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901


Obrigado e Parabéns mim ajudou muito, estava com problemas 403 na minha vps, salvou meu dia!!

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #11 on: June 27, 2020, 11:03:33 AM »
Add this lines to your modsec.conf

Code: [Select]
<IfModule mod_security2.c>
## Rules for the CWP ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 959151
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ## ########################################
## Joomla ##
SecRuleRemoveById 950120
SecRuleRemoveById 950901
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973338
SecRuleRemoveById 981173
SecRuleRemoveById 981245
SecRuleRemoveById 981257
## Wordpress ##
SecRuleRemoveById 950007
SecRuleRemoveById 950010
SecRuleRemoveById 950911
SecRuleRemoveById 958005
SecRuleRemoveById 958006
SecRuleRemoveById 958030
SecRuleRemoveById 958049
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959073
SecRuleRemoveById 960020
SecRuleRemoveById 973308
SecRuleRemoveById 973309
SecRuleRemoveById 973314
SecRuleRemoveById 973327
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 981004
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981246
SecRuleRemoveById 981320
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950109
SecRuleRemoveById 950922
SecRuleRemoveById 981000
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901
SecRuleRemoveById 958049
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 958049
SecRuleRemoveById 973348
SecRuleRemoveById 973321
</IfModule>

Saturday, June 27, 2020 work !!

Offline
*
Re: Enable Mod_Security for Wordpress
« Reply #12 on: June 27, 2020, 11:17:07 AM »
If you encounter any errors, replace the "/wp-admin/post.php" line with the error line that will resolve the problem.
Code: [Select]
<IfModule mod_security2.c>
SecRuleEngine On
</IfModule>
<LocationMatch "/wp-admin/post.php">
  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 959006
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</LocationMatch>
<LocationMatch "replace path error permission">
  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 959006
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61
</LocationMatch>