Wordpress and Shell Backdoors

Jordan Ostreff

Aug 2, 2024 • 1 min read

It looks that wordpress has big problems with his possibility to upload files, and also to publish comments. But this opens many possibilities malware to be uploaded to such sites, and then they will be easily hacked.

I'm using following configuration for caddy web server configuration:

..... {
    encode zstd gzip
    @disallowed {
        path /xmlrpc.php
        path *.sql
        path /.user.ini
        path /.htaccess
        path /wp-content/uploads/*.php
    }
    rewrite @disallowed '/index.php'
    
    # Add trailing slash for directory requests
    @canonicalPath {
            file {path}/index.php
            not path */
    }
    redir @canonicalPath {http.request.orig_uri.path}/ 308

    # If the requested file does not exist, try index files
    @indexFiles file {
            try_files {path} {path}/index.php index.php
            split_path .php
    }
    rewrite @indexFiles {file_match.relative}

    # Proxy PHP files to the FastCGI responder
    @phpFiles path *.php
    reverse_proxy @phpFiles localhost:9000 {
            transport fastcgi {
                    split .php
            }
    }
    ....
}

Now I'm waiting new attempt to hack php based hosted sites to be made again 😃

Still no success - so this means that this also doesn't help to wordpress to be on safe side!

Source for this recommendation comes from caddy community.