WordPress Security How To

Hoe WordPress te beschermen tegen CVE-2018-6389 DoS-aanvallen

WP Cerber Security 6.2 brought protection against a denial of service (DoS) attack that exploits recently discovered vulnerability CVE-2018-6389

We should say that this is not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a design flaw that allows anyone to put a WordPress powered website to its knees easily. Bad actors can use it to bring your online store down. The attack can be initiated from any computer by anyone. No special knowledge or software is needed.

The protection mechanism in the plugin is disabled by default. When it’s active, only authorized users have access to the load-scripts.php and load-styles.php scripts.

To enable protection against CVE-2018-6389 DoS attacks, go to the Hardening tab, enable Block unauthorized access to load-scripts.php and load-styles.php and click Save Changes. After enabling this setting a set of security rules will be added to the .htaccess file and a special, known to your web server only, cookie will be set for every authorized user. Styles and scripts that are used for the standard WordPress login form will be loaded without concatenation. To stop the concatenation the plugin defines CONCATENATE_SCRIPTS constant for all non-logged in visitors.

Read more about CVE-2018-6389

Hardening settings in the WordPress Dashboard

Hardening settings in the WordPress Dashboard

Do you know that you can configure these settings on any number of websites remotely? Enable a Cerber.Hub master mode on the main website and a slave mode on your other websites to manage all WP Cerber instances from one WordPress dashboard by switching between your websites in a click.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.

I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments