cPFence Free Antivirus Now Available for Enhance Users: Page 8 - Enhance Control Panel

cPFence Free Antivirus Now Available for Enhance Users

Andreas

cPFence Thank you, email sent

cPFence

Exciting new features for Bulk WordPress Security!

Learn more about Bulk WordPress Security Features

New Features in cPFence 3.3.8

cpfence --bulk-disable-wp-xmlrpc  
cpfence --bulk-enable-wp-xmlrpc

Fully disable XML-RPC server-wide, blocking requests with a 403 response or re-enable it when needed.

cpfence --bulk-enable-wp-limit-login  
cpfence --bulk-disable-wp-limit-login

Protect wp-login by limiting login attempts to 5 in 5 minutes or disable the feature as needed.

cpfence --bulk-set-wp-secure-keys

Automatically set secure WordPress keys for all sites.

cpfence --bulk-set-wp-permissions

Fix permissions server-wide:

Directories to 755 (750 for public_html)
Files to 644
Sensitive files (e.g., wp-config.php) to 600

cpfence --bulk-enable-wp-hardening
cpfence --bulk-disable-wp-hardening

Apply or revert hardening measures:

Block PHP in uploads
Secure wp-config.php
Restrict wp-includes

cpfence --bulk-disable-wp-file-edit
cpfence --bulk-enable-wp-file-edit

Disable or enable file editing in the WordPress admin panel.

cpfence --bulk-disable-wp-pingback
cpfence --bulk-enable-wp-pingback

Control pingbacks server-wide to prevent DDoS abuse or restore functionality.

cpfence --bulk-disable-wp-cron
cpfence --bulk-enable-wp-cron

Manage WordPress Cron jobs to optimize server performance.

grady

cPFence How is xmlrpc handled? You may recall (if it is you) I had to tweak your knowledgebase reco with a regex statement to handle //xmlrpc attacks. BTW, nice update.

dalet11

@cPFence will those bulk options will apply automatically to new websites created afterwards?

cPFence

dalet11 will those bulk options will apply automatically to new websites created afterwards?

No, the bulk options won’t apply automatically to new websites. You can use the tools to apply changes to selected sites or all existing ones, and the tools are smart enough to skip what’s already done.

dalet11

cPFence so it should cause no issues applying it daily with cronjob..?

cPFence

dalet11

Nope, it’s designed to be run manually, not with a cron. Just run the tool when a lot of new users are added to the server. A daily cron can cause issues with these types of changes and is overkill anyway.

cPFence

grady How is xmlrpc handled? You may recall (if it is you) I had to tweak your knowledgebase reco with a regex statement to handle //xmlrpc attacks. BTW, nice update.

Sorry, I’m not sure what tweaks you’re referring to. However, we no longer recommend using the old WAF method, and our knowledge base has been updated after the latest release. The new approach involves adding a must-use (MU) WordPress plugin called "cPFence WordPress Security" , which is managed and updated directly by cPFence.

grady

cPFence

Refresher below. I'll give it a try but the question was if new solution covers / and // and /// attacks.

This:
I have implemented the settings here:
https://my.cpfence.app/knowledgebase/23/How-to-Stop-XML-RPC-Attacks-Server-Wide-Using-the-cPFence-WAF.html

However, attackers are getting past that using //xmlrpc instead of /xmlrpc so the attack is making it.

You suggested this:
You can try adding another rule specifically for the double // case by using the following:

SecRule REQUEST_URI "@streq //xmlrpc.php" "id:6002,phase:1,deny,status:403,msg:'Blocking access to xmlrpc.php - cPFence'"

I did this instead, which seems to cover everything:

SecRule REQUEST_URI "@rx ^/*xmlrpc.php$" "id:6001,phase:1,deny,status:403,msg:'Blocking access to xmlrpc.php - cPFence'"

rdbf

cPFence The new approach involves adding a must-use (MU) WordPress plugin called "cPFence WordPress Security" , which is managed and updated directly by cPFence.

Has this plugin been released yet? Because Wordpress can't seem to find it yet.

The blogpost also says this:

Bulk disable or enable XML-RPC across your server with ease—no plugins needed. Peace of mind, guaranteed.

cPFence

grady

As mentioned earlier, we no longer recommend blocking xmlrpc using the WAF. The WAF was just a workaround, not a permanent solution. The new tool will completely block xmlrpc, including /, //, and other variations.

For peace of mind, ignore any previous WAF rules suggested by our support team and rely solely on the new tool.

cPFence

rdbf

It’s available exclusively for paid cPFence users only. MU plugins are simple one-file hooks that don’t need to be released and can’t be uninstalled or updated from the WordPress admin panel. This is a common practice among WordPress hosting companies to enforce specific functionalities for their users. While it’s open source, it’s still copyrighted.

And yes, these new cPFence tools eliminate the need for any bloated, resource-hungry security plugins. As always, we aim to keep things dead simple, yet powerful and effective.

rdbf

cPFence It’s available exclusively for paid cPFence users only.

Which I am. I was just wondering about the implementation, but in /var/www/<id>/public_html/wp-content/mu-plugins I do now see the cPFence file.

I just thought it would show up amongst the plugins, as it was called a wordpress plugin. Or that the cPFence cli would have mentioned something about putting it somewhere, that's all. And I didn´t notice that. If I know cPFence puts it there on each wordpress site, uses it and maintains it, that's enough for me for my peace of mind.

edit: And final small thing, cpfence --status doesn't show any of these newer options, so I couldn't tell which server has which options enabled without checking into the files. Great job overall on the software btw, I'm happy with it.

cPFence

rdbf

Thank you for your feedback. A new option will soon be available to easily toggle all WordPress Security features on or off for all sites. This will show up on the status page and will be applied daily across all sites automatically.

We’ll begin working on this once we finish adding the remaining WordPress tools on our list (yes, more are coming—stay tuned!).

babylon

webnestify You are the goat himself who convinced me with his tutorials of enhance to install it and i love it.

thanks buddy!

« Previous Page