Mod Security and WordPress Exceptions – The results

I can now confirm that this exception works fine and is a server wide solution. We have now added the following to our modsecurity_crs_15_customrules.conf file

<LocationMatch “/wp-includes/js/tinymce/plugins/spellchecker/rpc.php”>
SecRuleRemoveById 960010
SecRuleRemoveById 960012
</LocationMatch>

<LocationMatch “/wp-includes/”>
SecRuleRemoveById 960010
SecRuleRemoveById 960012
</LocationMatch>

The first fixes problems with the Spell checker built into WordPress and the latter removes the problems for other features that are tripped up by mod_security.

***WARNING***

After doing this it is vital that you keep up to date quickly with all security updates.

I have just been learning more about wordpress and found their hosted version at http://www.wordpress.com doing a search for mod_security brings up some quite interesting posts. About a third are about how to disable it totally (Ouch). Kelson who seemed to have the same issue and inercia who noticed attempts on his server and cleared them up by using mod_security

Be the first to comment

Leave a Reply

Your email address will not be published.


*