WAF 381206

From Atomicorp Wiki

Rule ID

381206

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to WordPress configuration file blocked

Description

This rule detects when a client attempts to directly access the "wp-config.php" file. This rule does not prevent or alert when WordPress itself reads this file.

Clients do not need to access this file directly, and WordPress recommends blocking all access to it. The file contains sensitive information about the WordPress site, including passwords, which, if disclosed, will allow an attacker to gain full control of the WordPress site, including the ability to replace and install software.
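To review web server access logs for the same condition, the following added example (not Atomicorp's rule logic and not part of the original page) flags requests whose requested file name is wp-config.php. It assumes combined-log-format lines; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined log format: client ... "METHOD target PROTOCOL" status ...
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_FILE = "wp-config.php"

def requested_filename(target):
    """Return the lower-cased final path segment of a request target."""
    path = urlsplit(target).path      # drop the query string and fragment
    path = unquote(path)              # normalize percent-encoding once
    return path.rsplit("/", 1)[-1].lower()

def find_direct_access(lines):
    """Return (client, target, status) for each request for wp-config.php."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and requested_filename(m.group("target")) == TARGET_FILE:
            hits.append((m.group("client"), m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-config.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET /blog/WP-Config.php?x=1 HTTP/1.1" 404 0',
    '198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /wp%2Dconfig.php HTTP/1.1" 403 199',
    '192.0.2.10 - - [10/Oct/2023:13:57:10 +0000] "GET /wp-login.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Oct/2023:13:57:11 +0000] "GET /wp-config-sample.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, target, status in find_direct_access(SAMPLE_LOG):
        print(f"{client} requested {target} (HTTP {status})")
```

The status code is returned with each hit so that responses other than a block or a not-found can be reviewed first.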

False Positives

No known false positives.

Tuning Guidance

None.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

https://codex.wordpress.org/Hardening_WordPress
