loserkids Hello @VirtuBox . is there a way to block domains and ip address in nginx (especially on wordops)? because i just realized that my website was infected by malware i have no idea where this virus came from. I use wordpress this virus creates php files in wp-includes and injects ugly code in functions.php and from my opinion you should add some security to prevent code injection. Thank you for your attention
loserkids Hello nsgoyat , i have no idea lastly i downloaded wordpress file manager from a website. thank you for the reference I will try
nsgoyat By the way, you can use NGINX Ultimat Bad Bot Blocker to prevent spam domains, bots accessing your website. However, the installation of this program is a little bit tricky with WordOps. Follow this comment and you should be good to set it up with WO too.
portofacil loserkids Bro, you use nulled plugins, for file management (which should never be done inside WP), and has the guts to accuse WordOps to be insecure? Come on, bro!
loserkids portofacil I didn't say wordops insecure, I just gave a suggestion. I know the purpose of WordOps is not there as i said i just gave a suggestion, if possible and this virus is not definitely caused by file manager plugin I don't know exactly where it came from
VirtuBox Hello loserkids, there are already several Nginx directives to secure WordPress as much as possible, but it would require to use a WAF (Web Application Firewall) like Naxsi to provide a better protection, and I haven't managed to build Nginx packages with Naxsi yet. But with the current Nginx configuration, I never faced to a single WordPress site infected in all the sites I manage
portofacil It is impossible, 100% impossible, to avoid file injections when you send files already infected to your WP. If you can't afford auditing code of your components, don't use plugins and themes from any untrusted source.