Sucuri WordPress Security Plugin Protects Against PHP-CGI Vulnerability

Today we released an update on the latest PHP CGI vulnerability and provided some additional information that users can use to help protect against it.

Guidance includes updating your .htaccess file with the following:

RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? – [F,L]

It is important to note however that if you are on WordPress and currently using our Free security plugin you are protected. We are actively seeing the attack across our growing network of plugin users and proactively pushing changes to protect our users.

What’s great about this is that its independent of what your host does. You can rest easy knowing that we’ve got your back.

Not Familiar With our Free Security Plugin?

You can find more information on the specifics by reading our Preventive page. The Security plugin is a new feature that we have recently released for free to all our WordPress clients.

Scan your website for free:
About Tony Perez

I'm a technologist with a passion for the Information Security domain. I am especially interested in malware reverse engineering, incident handling and response as well as offensive counter measures. Catch my personal rants on tonyonsecurity.com and follow on twitter at perezbox.