Channel: BulletProof Security Forum » All Posts

Reply To: WordPress for Android Mobile App – unable to access website


Hi, thanks for your reply!
I am using the WordPress for Android app you listed. I use Bluehost – the main domain is http://www.naturalhealthandfertility.com and I also have a subdomain, kingfieldca.com. I was not using the specific XML-RPC code; I changed it to the Jetpack version, but it didn’t work. I then tried the step 2 you outlined above, and lost access to my website and had to have Bluehost reset it after getting multiple error 500 messages. Since reestablishing access, I deleted the Jetpack XML-RPC code to see if the simple POST request attack code was conflicting with the specialized Jetpack XML-RPC code, but it still doesn’t work. I am going to try re-adding the specialized Jetpack POST request code again to see if there’s any change. Here’s the custom code added to the custom code bottom hotlinking etc custom code area:

# WP AUTHOR ENUMERATION BOT PROBE PROTECTION
# Redirects to author=999999 that does not actually exist
# which results in a standard 404 error. To the hacker bot
# it appears that this author does not exist without giving
# any clues that the author does actually exist.

RewriteCond %{QUERY_STRING} ^author=([0-9]){1,}$ [NC]
RewriteRule ^(.*)$ $1?author=999999 [L]

# Block/Forbid Referer Spammers/Referer Phishing
RewriteCond %{HTTP_REFERER} ^.*(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.|buttons-for-your-website\.com|4webmasters\.org|social-buttons\.com|best-seo-offer\.com|best-seo-solution\.com).*$ [NC]
RewriteRule ^(.*)$ - [F]

# Jetpack XML-RPC DDoS PROTECTION
# You can whitelist your IP address if you use A Weblog Client
# or want to whitelist an IP address for any other reasons.
# Example: Add this line of code RewriteCond %{REMOTE_ADDR} ^(xxx\.xxx\.xxx\.xxx) [OR]
# in between the first and second lines of code below. Then replace the x's with the
# actual IP address you want to whitelist.
# Note: It is recommended that you use 3 octets x.x.x. of your IP address
# instead of 4 octets x.x.x.x of your IP address.
# Example: RewriteCond %{REMOTE_ADDR} ^(xxx\.xxx\.xxx\.) [OR]
RewriteCond %{REQUEST_URI} ^.*(xmlrpc\.php)$
RewriteCond %{HTTP_USER_AGENT} !^(.*Jetpack.*)$
RewriteRule ^(.*)$ - [F]

# BPS POST Request Attack Protection
RewriteCond %{REQUEST_METHOD} POST [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
# Whitelist the WordPress Theme Customizer
RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
# Whitelist XML-RPC Pingbacks, JetPack and Remote Posting POST Requests
RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
# Whitelist Network|Multisite Signup POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
# Whitelist Network|Multisite Activate POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
# Whitelist Trackback POST Requests
RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
# Whitelist Comments POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
# Example 1: Whitelist Star Rating Calculator POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/star-rating-calculator.php [NC]
# Example 2: Whitelist Contact Form POST Requests
RewriteCond %{REQUEST_URI} !^.*/contact/ [NC]
# Example 3: Whitelist PayPal IPN API Script POST Requests
RewriteCond %{REQUEST_URI} !^.*/ipn_handler.php [NC]
RewriteRule ^(.*)$ - [F]
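
An added example, not part of the original post and not BulletProof Security's own code: a small Python model of how the "Jetpack XML-RPC DDoS PROTECTION" and "BPS POST Request Attack Protection" blocks quoted above decide whether a request gets a 403. It assumes mod_rewrite's default AND between RewriteCond lines; the user-agent strings, paths and helper names are constructed for illustration.

```python
import re

# URI fragments from the posted POST protection block, example lines included.
POST_WHITELIST = ["wp-admin/", "wp-cron.php", "wp-login.php", "xmlrpc.php",
                  "wp-signup.php", "wp-activate.php", "wp-trackback.php",
                  "wp-comments-post.php", "star-rating-calculator.php",
                  "contact/", "ipn_handler.php"]

# Each rule: (label, [(server variable, regex, negated, nocase), ...]).
# Assumption: conditions are ANDed (mod_rewrite's default; the posted blocks
# carry no [OR] flag) and a rule whose conditions all hold answers 403 via [F].
RULES = [
    ("Jetpack XML-RPC DDoS PROTECTION", [
        ("REQUEST_URI", r"^.*(xmlrpc\.php)$", False, False),
        ("HTTP_USER_AGENT", r"^(.*Jetpack.*)$", True, False),
    ]),
    ("BPS POST Request Attack Protection", [
        ("REQUEST_METHOD", r"POST", False, True),
        ("HTTP_REFERER", r"^.*/wp-admin/customize.php", True, False),
    ] + [("REQUEST_URI", "^.*/" + frag, True, True) for frag in POST_WHITELIST]),
]

def forbidding_rule(req):
    """Return the label of the first block that would answer 403, or None."""
    for label, conditions in RULES:
        for variable, pattern, negated, nocase in conditions:
            hit = re.search(pattern, req.get(variable, ""),
                            re.IGNORECASE if nocase else 0) is not None
            if hit == negated:      # condition failed, so this rule does not fire
                break
        else:
            return label
    return None

def make_request(method, uri, agent, referer=""):
    return {"REQUEST_METHOD": method, "REQUEST_URI": uri,
            "HTTP_USER_AGENT": agent, "HTTP_REFERER": referer}

# Constructed sample requests (user-agent strings and paths are made up).
SAMPLES = [
    make_request("POST", "/xmlrpc.php", "ExampleMobileClient/1.0"),
    make_request("POST", "/xmlrpc.php", "Jetpack ExampleAgent"),
    make_request("POST", "/wp-login.php", "ExampleBrowser/1.0"),
    make_request("POST", "/some-form.php", "ExampleBrowser/1.0"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["REQUEST_METHOD"], s["REQUEST_URI"], "->", forbidding_rule(s) or "allowed")
```

The first sample is refused by the Jetpack block even though the POST block whitelists xmlrpc.php, because each RewriteRule with its own conditions is evaluated independently.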
