Server OS: Ubuntu 22.04
Current Version: 2.3
Build: 5
Current Commit: 31f2450fdc40e606bdb084ed6d07cb14d7ee67ba
Latest Version: 2.3
Latest Build: 5
Latest Commit: 31f2450fdc40e606bdb084ed6d07cb14d7ee67ba
Hi there, I’m looking for a way to completely block external traffic to an instance of a WordPress website on my server. My goal is to re-deploy and fix a WordPress site that has been subject to the recent Remote Code Execution (RCE) vulnerability found in the Bricks Builder theme. While it was previously thought that simply doing a restoration of a site is enough, there is a persistent backdoor if you do not restore a backup to a brand new instance of WordPress.
If you’re unaware of the security vulnerability, how it works, and how to fix it, there’s a good video on YouTube called “The patch #2 - attacking the website and how to avoid similar attacks in the future.” by Emil Trägårdh (Channel is @etragardh) — the forum isn’t allowing me to link out to YouTube for some reason.
Essentially, I need to be able to create a new website on CyberPanel, then restrict access for it to only my IP address. I have tried adjusting the Rewrite Rules, to the each of the following (each did not block external traffic).
Order Deny,Allow
Deny from all
Allow from YOUR_IP_ADDRESS
and
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^your\.ip\.address\.here$
RewriteRule .* - [F]
Lastly, I have also tried going into Litespeed directly and changing the following…
Litespeed > Virtual Hosts > {my-website-domain} > Security> Access Control
I changed the allow/deny list as follows…
Allowed List: MY_IP_ADDRESS
Denied List: ALL
This partially worked, allowing only myself to view the domain root, but no additional pages and directories.
Any help or guidance is greatly appreciated.
Cheers,
–
Brian