Category: WordPress Security

Tips, strategies, and guides for securing WordPress websites.

  • fail2ban and nftables – Useful Tips

    Troubleshooting Fail2Ban Issues with nftables

    Fail2Ban sometimes runs into problems with its nftables rules. In many cases, it’s enough to delete the nftables rules created by Fail2Ban, briefly stop the service, and then restart it. On restart, Fail2Ban automatically recreates all the nftables sets and rules it needs.

    I’ll omit sudo in the following examples; you’ll need it when running nft commands.

    Example to delete the f2b-table in the inet family context:

    Bash
    nft delete table inet f2b-table
  • nftables Cheat Sheet: Useful Commands for nft Part 2

    After explaining the basic nft concepts in Part 1, I’ll now present the most important commands in Part 2.

    I’ll omit sudo in the following examples; you’ll need it when running nft commands.

    Display the complete configuration:

    Bash
    nft list ruleset

    This command displays the entire current nftables ruleset.

    Since the ruleset can become quite large depending on its complexity, I’ve created a custom script that trims the output to the essentials: for multiline blocks within curly braces, only the first and last line are shown.

  • nftables Cheat Sheet: Useful Commands for nft Part 1

    nftables is a modern packet filtering framework for Linux and is set to replace iptables in the long term. In this post, I present the most useful commands that have proven effective in my daily admin work.

    The creation of new tables and chains is rarely needed in my practice, so I won’t cover that here.

    In Part 1, I explain the basic concepts. In Part 2, I go over the most important commands.

  • NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 3

    Part 3 – Defining Proper Exceptions for WordPress

    After successfully integrating and testing ModSecurity with the OWASP Core Rule Set (CRS), you’ll quickly run into a common issue when using dynamic applications like WordPress: false positives — legitimate requests incorrectly classified as attacks and blocked.

    WordPress uses modern features like the REST API, AJAX, dynamic block editors (Gutenberg), and sometimes specific HTML comments. These mechanisms often trigger security rules when CRS is active — particularly in the areas of XSS, LFI, or anomaly detection. To ensure that these protections don’t interfere with the admin interface, we need to define targeted rule exceptions for WordPress.

  • NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 2

    Part 2 – Installing the OWASP Core Rule Set (CRS)

    After successfully installing ModSecurity v3 in Part 1, this guide will now show you how to install and activate the OWASP Core Rule Set to enable protection rules for ModSecurity.

    Download and Activate the OWASP CRS

    The following commands will let you download and activate the rule set. Change to the modsec directory, clone the Git repository, and create the crs-setup.conf file:

    Bash
    cd /etc/nginx/modsec
    sudo git clone https://github.com/coreruleset/coreruleset.git
    cd coreruleset
    sudo cp crs-setup.conf.example crs-setup.conf
  • NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 1

    Part 1 – Compiling and Installing the Modules and Enabling ModSecurity v3

    This guide shows the complete installation of ModSecurity v3 with NGINX and the OWASP Core Rule Set (CRS) on an Ubuntu server – including correct module paths, symlink conventions, and example tests.

    • In Part 1 we compile and install the necessary modules and enable ModSecurity v3.
    • In Part 2 we add the OWASP Core Rule Set (CRS).
    • In Part 3 we cover the rule exceptions the OWASP Core Rule Set needs to run a WordPress website.

    1. Install Dependencies

    Bash
    sudo apt update
    sudo apt install -y git g++ build-essential autoconf automake libtool \
      libpcre3 libpcre3-dev libpcre2-dev libxml2 libxml2-dev libyajl-dev \
      pkg-config zlib1g zlib1g-dev libcurl4-openssl-dev \
      liblua5.3-dev libgeoip-dev doxygen
  • Simple protection against comment spam in WordPress

    Comment spam is one of the most annoying phenomena in blogs and content systems. Even if you hide the comment form in the frontend, the WordPress comment endpoint (wp-comments-post.php) remains active by default – and can be accessed directly.

    I’ll explain the details and how to avoid comment spam.
