• Resolved Vlada Smitka

    (@smitka)


    Hackers often want to download wp-config.php in case of an LFI vulnerability (local file inclusion).

    e.g. slider revolution exploit:
    admin-ajax.php?action=some_action&img=../wp-config.php

    It may be a good idea to block the string “wp-config.php” in the $query_string_string.

    I am not aware of any consequences; I block these queries on all my servers.

    https://www.ads-software.com/plugins/block-bad-queries/
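
An added example, not part of the original post and not code from the Block Bad Queries plugin: one way to implement the suggested check in PHP, decoding percent-encoding before matching so that encoded or mixed-case spellings of the filename are caught as well. The function names and the sample query strings are constructed for illustration.

```php
<?php
// Added example: not code from the Block Bad Queries plugin.
// Function names are hypothetical; sample query strings are constructed.

/** True when the query string names wp-config.php in any encoding or case. */
function qs_mentions_wp_config(string $query_string): bool
{
    $decoded = $query_string;
    // Decode up to three layers so double encoding (%252E) is normalized too.
    for ($i = 0; $i < 3; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    // Case-insensitive: some filesystems resolve WP-Config.php to the same file.
    return stripos($decoded, 'wp-config.php') !== false;
}

/** Answer 403 and stop before WordPress handles a matching request. */
function block_wp_config_queries(): void
{
    $qs = $_SERVER['QUERY_STRING'] ?? '';
    if ($qs !== '' && qs_mentions_wp_config($qs)) {
        error_log('Blocked wp-config.php query from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(403);
        exit;
    }
}

if (PHP_SAPI === 'cli') {
    // Self-check on constructed inputs: php this-file.php
    $samples = [
        'action=some_action&img=../wp-config.php'        => true,
        'action=some_action&img=..%2Fwp%2Dconfig%2Ephp'  => true,
        'action=some_action&img=..%2FWP-Config%252Ephp'  => true,
        'page=2&s=config'                                => false,
    ];
    foreach ($samples as $qs => $expected) {
        $got = qs_mentions_wp_config($qs);
        printf("%-48s %s\n", $qs, $got === $expected ? 'ok' : 'MISMATCH');
    }
} else {
    block_wp_config_queries();
}
```

A request that legitimately carries the filename in its query string (a site search for it, for instance) is refused as well, so the check suits sites where that string is never expected in a URL.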

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Idea: block "wp-config.php" in QUERY_STRING’ is closed to new replies.