2 Dec 2021

Hackers Won’t be Blocked From Trying to Upload This to Your WordPress Website by Other Firewall Plugins

Two months ago our testing showed that WordPress security plugins didn’t protect against exploitation of vulnerabilities where user input containing PHP code is sent as raw POST data and then read in PHP from php://input. At the time, we improved our new Plugin Vulnerabilities Firewall to address that type of exploit. Based on the results of our automated testing, none of the other firewall plugins for WordPress have followed our lead and added protection against this in the subsequent two months.
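The gap described above, as an added example (not code from the Plugin Vulnerabilities Firewall or any other plugin): PHP only fills `$_POST` for form-encoded and multipart bodies, so a check limited to `$_POST` sees nothing when PHP code arrives as a raw body. The function names and marker patterns are assumptions made for illustration, and the sample request is constructed.

```php
<?php
// Added example. find_php_markers() and inspect_request() are hypothetical names.

/** Return the names of the PHP code markers found in $data. */
function find_php_markers(string $data): array
{
    $patterns = [
        'open_tag'  => '/<\?php\b/i', // full opening tag
        'echo_tag'  => '/<\?=/',      // short echo tag
        'short_tag' => '/<\?\s/',     // short open tag followed by whitespace
    ];
    $hits = [];
    // Check the data as sent and again after URL decoding.
    foreach ([$data, rawurldecode($data)] as $candidate) {
        foreach ($patterns as $name => $regex) {
            if (preg_match($regex, $candidate) === 1) {
                $hits[$name] = true;
            }
        }
    }
    return array_keys($hits);
}

/** Check the parsed POST fields and the raw body; return findings per source. */
function inspect_request(array $post, string $rawBody): array
{
    $findings = [];
    array_walk_recursive($post, function ($value, $key) use (&$findings) {
        $markers = is_string($value) ? find_php_markers($value) : [];
        if ($markers) {
            $findings["post:$key"] = $markers;
        }
    });
    $markers = find_php_markers($rawBody);
    if ($markers) {
        $findings['raw_body'] = $markers;
    }
    return $findings;
}

// Constructed sample: sent with Content-Type: text/plain, so $_POST stays empty.
$samplePost = [];
$sampleBody = '<?php echo "test"; ?>';

// A check that only sees the parsed fields finds nothing.
echo json_encode(inspect_request($samplePost, '')), "\n";
// The same request with the raw body included is flagged.
echo json_encode(inspect_request($samplePost, $sampleBody)), "\n";
```

In a live request the two arguments would be `$_POST` and `file_get_contents('php://input')`.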

Today our firewall stopped multiple attempts to exploit this type of issue on our website. These attempts would have failed anyway, since they targeted software not on our website, but the attempts and the firewall’s logging gave us a chance to see what the hacker was trying to do.