Yeah, will do. I actually realized that some of the plugins are not exactly ideal as they block some important parts of your website's functionality. I should create another thread with a proper walkthrough today.
-
You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.
Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"
Babiato Resources getting hacked or malicious codes? Do THESE NOW!
- Thread starter Escanor64
- Start date
All of my site's are routed through Cloudflare. I still didn't prevent them from getting hacked.All Security plugins are USELESSSSS, depending on who is targeting you.. Yea that's right!
Learn how to use Cloudflare to protect your website and sleep with your 2 eyes closed
You need to bind your VPS to Cloudflare through IPTables rules by creating a rules set for a tunnel, this way crawlers like censys.io etc aren't able to see your real IP address in very first place!
BTW I've nulled WP Hide Security Enhancer Pro v4.4 a few minutes ago for those who use it: https://babia.to/threads/wp-hide-security-enhancer-pro.13969/post-1055750
Not properly so, what about HTTP Request Smuggling attacks?All Security plugins are USELESSSSS, depending on who is targeting you.. Yea that's right!
Learn how to use Cloudflare to protect your website and sleep with your 2 eyes closed
Plugins are useful, a good web server configuration following proper hardening best practices even more (i.e. IPTabes Rules, Strict CSP, etc.), especially while using HTTP/3 QUIC.
Last edited:
I use apache include file to block at server level, so xmlrpc will be blocked in all sites.
Code:
<Files xmlrpc.php>
Order allow,deny
Allow from 192.0.64.1/192.0.127.254
Deny from all
Satisfy All
ErrorDocument 403 http://127.0.0.1/
</Files>The allowed IP addresses are related to Jetpack plugin.
Bro,
Are you working in the NSA?
check your dns zone, set up properly
intoDNS: checks DNS and mail servers health
intoDNS checks the health and configuration of DNS and mail servers.
intodns.com
And if you need the perfect scanner to check the security of your website, use Sudomy: https://github.com/screetsec/Sudomy - it uses many services like the following:
Code:
https://censys.io
https://developer.shodan.io
https://dns.bufferover.run
https://index.commoncrawl.org
https://riddler.io
https://api.certspotter.com
https://api.hackertarget.com
https://api.threatminer.org
https://community.riskiq.com
https://crt.sh
https://dnsdumpster.com
https://docs.binaryedge.io
https://securitytrails.com
https://graph.facebook.com
https://otx.alienvault.com
https://rapiddns.io
https://spyse.com
https://urlscan.io
https://www.dnsdb.info
https://www.virustotal.com
https://threatcrowd.org
https://web.archive.orgIt works directly from your CLI, it provides you with a list of Matches found after each scan in order to patch them, it's open-source and well documented!
Additionally, if you use WordPress, you can check for vulnerabilities to patch using one of this tools:
Enjoy
Last edited:
Similar threads
- Poll
