Penetration testing – It is recommended that access to this portal is prevented via the Internet

3 Views

We have done some penetration testing on a wordpress site and one of the issues that has been returned is:

An administration portal is accessible via the Internet

Read More
  • It is recommended that access to this portal is prevented via the Internet

As the site is a web based cms is this even possible to fix? This is not my area of expertise and i’m struggling to find a way to fix this.

Can anyone help?

Thanks

Post Views: 3

Related posts

Leave a Reply

2 comments

  1. It is recommended that access to this portal is prevented via the
    Internet

    That’s too vague of a point, and that’s the fault of the people doing the pentest and the pentest software.

    But start with http://codex.wordpress.org/Brute_Force_Attacks and http://codex.wordpress.org/Hardening_WordPress

    In order to restrict access to the admin area by whitelisting IPs 12.345.67.891 and 23.456.78.99 for admin access, in the .htaccess in wp-admin add:

    Options All -Indexes

order deny,allow
deny from all
allow from 12.345.67.891
allow from 23.456.78.99
deny from all

    In the root .htaccess

    <Files wp-login.php>
order deny,allow
deny from all
allow from 12.345.67.891
allow from 23.456.78.99
deny from all
</Files>

    If you calculate the range, you can also use, i.e. 12.345.67.0/24

    You can also obscure the fact that you are using WordPress (not an ideal solution), be sure your hosting situation is secure, and try other best practice suggestions at those links to the Codex.

    And see https://wordpress.stackexchange.com/questions/tagged/security

  2. As far as I know , you can not restrict in way which you want. But you can do like allow admin access to specific user by IP address. Like if you want that no one should access your wp admin other than you then you can achieve this by specified your ip in .htaccess.