Today we released an update on the latest PHP CGI vulnerability and provided some additional information that users can use to help protect against it.
Guidance includes updating your .htaccess file with the following:
RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? – [F,L]
It is important to note however that if you are on WordPress and currently using our Free security plugin you are protected. We are actively seeing the attack across our growing network of plugin users and proactively pushing changes to protect our users.
What’s great about this is that its independent of what your host does. You can rest easy knowing that we’ve got your back.
Not Familiar With our Free Security Plugin?
You can find more information on the specifics by reading our Preventive page. The Security plugin is a new feature that we have recently released for free to all our WordPress clients.
Leave a reply
