WPIDS – PHPIDS your WordPress the comfy way

Article written by philipp

Some weeks ago a basic plugin was released which enabled PHPIDS support for your WordPress blog. Since it has some usability flaws, I’ve been planning for some time to make a port of PHPIDS to WordPress together with David Kierznowski, but I had some initial problems with it, so it took until today to get the first release done.

WPIDwhat?

WPIDS protects your blog from malicious code injections. Any request considered malicious is logged to a database for later analysis. You can also set up email notification for attacks with very high impact. The back-end pages of the plugin notify you when new filter rules are available, and there you can check a list of the latest intrusion attempts.

But the most important feature of WPIDS is that you can block attackers for some time if they are running wild on your blog. The plugin is built on the 0.3.2 core of PHPIDS – a version shipped with the coming 0.4 milestone will be released soon.

New features coming soon

  • Better design for the ‘Oh-my-god-you-got-blocked’-page
  • Better browsing and analysis features for the attack list
  • Functionality to clean the database from old records
  • … and the feature you’d like to have. Drop me a line!

To tell me what needs to be added or changed, you can use my WPIDS Forum. If you have any problems with PHPIDS itself, or if you have discovered a vector which isn’t caught by PHPIDS yet, please report it to the PHPIDS team – they eat filters for breakfast.

You can download the software here.

31 Responses to “WPIDS – PHPIDS your WordPress the comfy way”

  1. BlogSecurity » WordPress Hardening Project Update Says:

    [...] Other info: – PHP-IDS Article [...]

  2. SigT Says:

    WPIDS and the WordPress Hardening Project…

    WPIDS is a port of PHPIDS to WordPress; if I am not mistaken, the translation would be Intrusion Detection System for WordPress (WordPress Intrusion Detection System), since, although they do not explain the term, IDS refers to this.

    According to a …

  3. PhSoftware Programming Blog - PSPB Says:

    WPIDS fights SPAM as well…

    I just recognized by checking some parts of WPIDS that it does as well block some Spam entries from getting posted to your Website. As PHPIDS checks for HTML tags, unsanitized ones, within the strings it removes these Requests…The only problem is…

  4. Las páginas blancas de la seguridad Wordpress | aNieto2K Says:

    [...] WPIDS, detects intrusions [...]

  5. Ben Says:

    Downloaded wp-ids.zip today to try on WordPress 2.3.1.

    I get this error in the setup page. There is some problem at the end of the page when it is trying to display the legend.

    Filterrules:
    Your WP-IDS runs with the most up to date filter rules.
    Last Blocked Bad Requests:
    ID Name Value Tag Page IP Impact Time
    No Intrusions where logged, you have to be happy!

    Legend:
    Name Values:GET – Bad Value within $_GET Array, POST – Bad Value within $_POST Array,REQUEST – Bad Value within $_REQUEST Array, SERVER RURI – Bad Value in $_SERVER[REQUEST_URI], SERVER AGENT – Bad Value in $_SERVER[HTTP_USER_AGENT], SERVER REF – Bad Value in $_SERVER[HTTP_REFERER]

  6. Ben Says:

    I tried going to the indicated forum. I was unable to post and unable to register.

  7. Philipp Says:

    Hi Ben, thanks for using WPIDS. About the error at the bottom of the page: it’s not an error, it’s just the description of the given values… Have you tried to register on my forum over at phsoftware.de? I’ll check it out.

  8. Sin Gamulan » Las páginas blancas de la seguridad Wordpress Says:

    [...] WPIDS, detects intrusions [...]

  9. WordPress: 4 suggerimenti per aumentare la sicurezza del vostro blog @ NeuroMemories Says:

    [...] PHPIDS for WordPress (PHP5 required) [...]

  10. James Norwood Says:

    How about making use of the WP-Vulnerabilities list at http://blogsecurity.net ?

    When vulnerabilities are checked against the list of installed plugins a vulnerability check can be performed. Is this complementary to the WPIDS ?

  11. Plugin Security Danu.web.id | Danu Belajar nge-Blog Says:

    [...] WPIDS: This plugin is useful for securing WordPress files against the injection of malicious code by hackers. For more information click here [...]

  12. AdMoolah News and Views » Securing Wordpress Installations Says:

    [...] PHPIDS for WordPress. This plugin defends against malicious code injections. This was another recommendation from the [...]

  13. Testbild » Blog Archive » WPIDS - Intrusion Detection System fuer Wordpress Says:

    [...] I was looking for security enhancements for my blog. Now I have found one: WPIDS – a PHPIDS-based plugin for WordPress. I find it very cute. Unfortunately, still missing [...]

  14. Seguridad en Wordpress en Blog personal de InKiLiNo | Wordpress, plugins y algo de SEO. Says:

    [...] WPIDS: Detects possible intrusions. [...]

  15. Plugins para mantener seguro Wordpress | Red de Blogs - Internet y Tecnologia Web Says:

    [...] 9. WPIDS: Detects possible intrusions. [...]

  16. How to Firewall Your WordPress Blog Says:

    [...] This hasn’t been updated in a while and only works with PHP5. I’d nag BlogSec guys for an update before using it. More info here [...]

  17. Wordpress Security - Protecting Against Hackers | John Nasta Says:

    [...] WPIDS – The WPIDS offers protection for your Blog from malicious code injections. Any Request considered as malicious is logged into a database for later analysis. You can also set up email notification for attacks with very high impact. The back-end pages of the plugin will notify you if new filter rules are available and you can check a list of latest intrusion attempts. [...]

  18. Protegendo Wordpress de Atques de Hackers » Gus SOS Brasil Says:

    [...] of this blog and thousands out there on the internet. I even ended up installing a new plugin called WPIDS, which provides PHPIDS support for WordPress. PHPIDS is a security module that protects pages [...]

  19. WordPress Security Links Says:

    [...] WPIDS (PHPIDS port for WordPress) [...]

  20. WordPress Security? Try Common Sense - SilverPen Publishing Says:

    [...] installed WPIDS because it seemed like a good idea at the time. I uninstalled it for the same reason, because I [...]

  21. Nifty Tools Dificult Tools « Splog Spot Blog Says:

    [...] along with the many WP updates that come and go as they come out of the grinder. There are some issues to address that may need some study and implementation may need quite some extensive PHP knowledge. Some other [...]

  22. Securiza tu Wordpress | Enchulatublog Says:

    [...] 9. WPIDS: Detects possible intrusions. [...]

  23. PHP Intrusion Detection System (PHPIDS) – techPortal Says:

    [...] Installing PHPIDS in WordPress, Serendipity, Joomla and Drupal although you might want to use the official WPIDS plugin for WordPress from php-ids.org [...]

  24. 10 tips para blindar a wordpress - El nuevo mundo del techno Says:

    [...] Intrusion detection and blocking plugin | WPIDS is a port of PHPIDS to WordPress. [...]

  25. WPIDS, 来自PHPIDS的WordPress保护插件 - FeelingFly Says:

    [...] Click to go OR Download this file [...]

  26. Securiza tu Wordpress | triunfoweb.com Says:

    [...] 9. WPIDS: Detects possible intrusions. [...]

  27. WPIDS – PHPIDS your Wordpress the comfy way - Ei2U Says:

    [...] Click here go to the official website [...]

  28. How to Firewall Your WordPress Blog - SnailVn | SnailVn.Com Says:

    [...] This hasn’t been updated in a while and only works with PHP5. I’d nag BlogSec guys for an update before using it. More info here [...]

  29. I Was Hacked Recently! What I Did To Fight Back. | Blogging Tips Says:

    [...] This plugin works similarly to the WordPress Firewall Plugin. It uses some different technologies but the end goal is the same. Preventing malicious code injections through WordPress. The plugin automatically emails me when there is a potential attack. WPIDS Plugin for WordPress. [...]

  30. Trackback - Free Internation Call >> How to make free international call Says:

    ,[...] php-ids.org is one nice source of tips on this topic,[...]

  31. valeriu.palos.ro » Seven essential WordPress plugins Says:

    [...] repelling e-mail address harvesters, spam bots and all kinds of evil insects. 3. WPIDS Website: http://php-ids.org/2007/09/12/wpids-phpids-your-wordpress-the-comfy-way/ An excellent alliance between WordPress and the PHPIDS project. It monitors your website for a very [...]