Difference between revisions of "WAF 381206"
(Created page with "'''Rule ID''' 381206 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to WordPress config...") |
Latest revision as of 12:05, 7 June 2012
Rule ID
381206
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to WordPress configuration file blocked
Description
This rule detects when a client attempts to directly access the "wp-config.php". This rule does not prevent or alert if Wordpress itself reads this file.
Clients do not need to directly access this file, and it is recommended by WordPress that you block all access to this file. This file contains sensitive information about the Wordpress site, including passwords, that if disclosed will allow an attacker to gain full control of the WordPress site, including the ability to replace and install software.
False Positives
No known false positives.
Tuning Guidance
None.
Similar Rules
None.
Knowledge Base Articles
None.
Outside References