Sucuri WordPress Security Plugin Protects Against PHP-CGI Vulnerability

Today we released an update on the latest PHP CGI vulnerability and provided some additional information that users can use to help protect against it.

Guidance includes updating your .htaccess file with the following:

RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? – [F,L]

It is important to note however that if you are on WordPress and currently using our Free security plugin you are protected. We are actively seeing the attack across our growing network of plugin users and proactively pushing changes to protect our users.

What’s great about this is that its independent of what your host does. You can rest easy knowing that we’ve got your back.

Not Familiar With our Free Security Plugin?

You can find more information on the specifics by reading our Preventive page. The Security plugin is a new feature that we have recently released for free to all our WordPress clients.

Scan your website for free:
About Tony Perez

Tony is the Co-Founder / CEO at Sucuri. He shares a deep passion for Information Security, Business and Brazilian JiuJitsu. He approaches the business the same as he trains BJJ, one move at a time and gently. You can follow him on twitter: @perezbox.