Protection with Proxies for WordPress Website

Good Morning,

I believe this is the appropriate place for this question.

We recently had a WordPress site that was compromised due to a vulnerability in a plugin. Here is detailed info on the vulnerability: https://www.wordfence.com/blog/2023/05/psa-attackers-actively-exploiting-critical-vulnerability-in-essential-addons-for-elementor/ ... Basically it was a vulnerability that allowed passwords to be reset.

We do not have the website behind any of the https proxies on the WG for a couple of reasons. However, those can be overcome at this point. Would putting a website behind the WG https proxies be beneficial from preventing vulnerabilities such as this?

Thanks!

Comments

  • I don't see how just by using the HTTPS proxy, that it would have prevented this exploit attempt.

    With the HTTPS proxy with inspection, one is likely to have better protection from known exploits for which there are IPS signatures.

  • @Bruce_Briggs ... So I need to have the HTTPS proxy with inspection then? I don't think we have it turned on for this particular website. I believe we have a firewall rule exempting it.

  • I don't see how the HTTPS proxy could prevent "any unauthenticated user to reset arbitrary user passwords" on WordPress because of the Essential Addons for Elementor bug, given that there is currently no IPS signature for this bug.

  • @Bruce_Briggs ... Understood. Yeah thats what I was wondering was if there were any IPS Signatures and how that entire process works.

  • edited May 2023

    You can search for IPS signatures, here:
    https://securityportal.watchguard.com/Threats?sigVers=4

    A search for WordPress shows some, but none for this issue.

  • IPS signatures used to be provided by Trend Micro.
    However, I can't find any info which indicates that they are still the provider.

    In any case, presumably WG folks review the signatures being provided prior to releasing them to us.

  • @Bruce_Briggs ... Awesome thanks!

Sign In to comment.