Discover Centmin Mod today
Register Now

Security Protecting Wordpress From DDOS (IP Leaks)

Discussion in 'System Administration' started by BamaStangGuy, Mar 20, 2018.

  1. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    651
    189
    43
    May 25, 2014
    Ratings:
    +264
    Local Time:
    10:33 AM
    I've got a few wordpress blogs now and a few of them are in pretty interesting niches (Cryptocurrency for example).

    So I want to make sure I do what I can to prevent my IP address from leaking out from behind CloudFlare.

    I've locked down email through Amazon SES via Postfix but I am not sure what else I might be missing that could leak?

    I have one site that allows Contributors. They can not edit a post once published but they could possibly link an image from a server they own when initially publishing. Would that leak my IP? If so, is there any easy way to block this?

    What else might I be missing with Wordpress? Surprisingly, not much in Google.
     
  2. rdan

    rdan Well-Known Member

    5,018
    1,219
    113
    May 25, 2014
    Ratings:
    +1,847
    Local Time:
    12:33 AM
    Mainline
    10.2
    No unless you proxy the images or auto download as local copy.
     
  3. eva2000

    eva2000 Administrator Staff Member

    45,974
    10,444
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,206
    Local Time:
    2:33 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    I think what @RoldanLT meant is yes that will leak your IP unless you setup images to be served from a http forward (not reverse proxy) like xenforo does for proxy images. You can always verify this by posting link to a image from a server you own and then check your logs for ip address it reveals when accessed

    Also cloudflare needs setting up authenticated origin pulls to properly hide IP Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks