Sucuri WordPress Security Plugin Protects Against PHP-CGI Vulnerability

Today we released an update on the latest PHP CGI vulnerability and provided some additional information that users can use to help protect against it.

Guidance includes updating your .htaccess file with the following:

RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|- [NC]
RewriteRule .? - [F,L]
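To see which requests this rule would deny before deploying it, the two conditions can be replayed over an access log. The following is an added example, not Sucuri's code: the function names and the log lines are constructed for illustration, and it assumes combined-format logs where the request target is still percent-encoded, as %{QUERY_STRING} is.

```python
import re
from urllib.parse import urlsplit

# Mirrors of the two RewriteCond patterns in the rule above.
NO_EQUALS = re.compile(r"^[^=]*$")      # query string contains no "="
HAS_DASH = re.compile(r"%2d|-", re.I)   # literal "-" or encoded %2d; re.I mirrors [NC]

# Request line as it appears inside a combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def rule_would_block(query: str) -> bool:
    """True when both conditions match (consecutive RewriteCond lines are ANDed)."""
    return bool(NO_EQUALS.search(query)) and bool(HAS_DASH.search(query))


def flagged_requests(log_lines):
    """Return the request targets the rule would answer with 403 Forbidden."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        target = match.group(1)
        query = urlsplit(target).query  # raw query string, not URL-decoded
        if rule_would_block(query):
            hits.append(target)
    return hits


# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2012:10:00:01 +0000] "GET /index.php?-x HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2012:10:00:02 +0000] "GET /index.php?%2Dx HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2012:10:00:03 +0000] "GET /index.php?p=12 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2012:10:00:04 +0000] "GET /archive.php?tag=php-cgi HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2012:10:00:05 +0000] "GET /search.php?php-cgi HTTP/1.1" 200 1024',
    '198.51.100.9 - - [01/Jan/2012:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for target in flagged_requests(SAMPLE_LOG):
        print("would be denied:", target)
```

The `/search.php?php-cgi` entry shows the rule's side effect: a legitimate keyword-only query that contains a dash and no "=" is denied too, so check your own logs for such URLs before rolling the rule out.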

It is important to note, however, that if you are on WordPress and currently using our free security plugin, you are protected. We are actively seeing the attack across our growing network of plugin users and are proactively pushing changes to protect our users.

What’s great about this is that it’s independent of what your host does. You can rest easy knowing that we’ve got your back.

Not Familiar With our Free Security Plugin?

You can find more information on the specifics by reading our Preventive page. The Security plugin is a new feature that we have recently released for free to all our WordPress clients.

About Tony Perez

Tony works at Sucuri. His passion lies in educating and bringing awareness about online threats to business owners. He spends his time giving presentations and writing content that everyday website owners can appreciate. His passions revolve around understanding the psychology of bad actors, the impacts and havoc hacks have on website owners, and thinking through the evolution of attacks. You can find his personal thoughts on security at Tony on Security and you can follow him on Twitter at @perezbox.

  • Panah Rad

    Hi guys.

    What if one is using Nginx instead?  How do we go about addressing that or is that not an issue?

  • LockerPress

    You guys provide a great security plugin that’ll take care of the PHP-CGI Vulnerability. Do you have any stats as to how many attacks have come through that vulnerability this year?

    • Andres Armeda

      Hey there. We have raw numbers, nothing that we’ll post soon. We’d love to chat with you though. Can you drop us an email? – Have a great night!