WPIDS - PHPIDS your Wordpress the comfy way
Article written by philipp
Some weeks ago a basic plugin was released which enabled PHPIDS support for your Wordpress Blog. Since it has some usability flaws I’ve been planning for some time to make a port of PHPIDS to Wordpress together with David Kierznowski, but I had some initial problems with it. So it took up to today to get the first release done.
WPIDwhat?
The WPIDS offers protection for your Blog from malicious code injections. Any Request considered as malicious is logged into a database for later analysis. You can also set up email notification for attacks with very high impact. The back-end pages of the plugin will notify you if new filter rules are available and you can check a list of latest intrusion attempts.
But the most important feature of the WPIDS is that you can block attackers for some time if they are running wild on your blog. The plugin is built on the 0.3.2 core of the PHPIDS - a version shipped with the coming 0.4 milestone will be released soon.
New features coming soon
- Better design for the ‘Oh-my-god-you-got-blocked’-page
- Better browsing and analysis features for the attack list
- Functionality to clean the database from old records
- … and the feature you’d like have. Drop me a line!
For telling me what needs to be added or changed you can use my WPIDS Forum. If you have any problems with PHPIDS instead or if you discovered a vector which isn’t caught by PHPIDS yet please report to the PHPIDS team - they eat filters for breakfast.
You can download the Software here.
This entry was posted
on Wednesday, September 12th, 2007 at 4:31 pm and is filed under WPIDS.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
September 17th, 2007 at 1:25 pm
[...] Other info: - PHP-IDS Article [...]
September 17th, 2007 at 4:53 pm
WPIDS y el WordPress Hardening Project…
WPIDS es un port de PHPIDS a WordPress, si no me equivoco la traducción vendría a ser Sistema de Detección de Intrusiones para WordPress (WordPress Intrusion Detection System) ya que aunque no aclaran el término, IDS se refiere a esto.
Según una …
September 19th, 2007 at 10:34 am
WPIDS fights SPAM as well…
I just recognized by checking some parts of WPIDS that it does as well block some Spam entries from getting posted to your Website. As PHPIDS checks for HTML tags, unsanitized ones, within the strings it removes these Requests…The only problem is…
October 31st, 2007 at 3:15 am
[...] WPIDS, detecta intrusiones [...]
November 1st, 2007 at 2:39 am
Downloaded wp-ids.zip today to try on WordPress 2.3.1.
I get this error in the setup page. There is some problem at the end of the page when it is trying to display the legend.
Filterrules:
Your WP-IDS runs with the most up to date filter rules.
Last Blocked Bad Requests:
ID Name Value Tag Page IP Impact Time
No Intrusions where logged, you have to be happy!
Legend:
Name Values:GET - Bad Value within $_GET Array, POST - Bad Value within $_POST Array,REQUEST - Bad Value within $_REQUEST Array, SERVER RURI - Bad Value in $_SERVER[REQUEST_URI], SERVER AGENT - Bad Value in $_SERVER[HTTP_USER_AGENT], SERVER REF - Bad Value in $_SERVER[HTTP_REFERER]
November 1st, 2007 at 2:40 am
I tried going to the indicated forum. I was unable to post and unable to register.
November 4th, 2007 at 11:57 pm
Hi Ben, Thanks for Using WPIDS. About the Error on the bottom of the Page. It’s no Error, it’s just the description of the given Values…Have you tried to register on my forum over at phsoftware.de? I’ll check it out.
January 6th, 2008 at 3:42 am
[...] WPIDS, detecta intrusiones [...]
April 11th, 2008 at 2:14 pm
[...] PHPIDS for wordpress (richiesto PHP5) [...]