Discover Centmin Mod today
Register Now

Security Protecting Wordpress From DDOS (IP Leaks)

Discussion in 'System Administration' started by BamaStangGuy, Mar 20, 2018.

  1. BamaStangGuy

    BamaStangGuy Active Member

    509
    147
    43
    May 25, 2014
    Ratings:
    +195
    Local Time:
    10:38 PM
    I've got a few wordpress blogs now and a few of them are in pretty interesting niches (Cryptocurrency for example).

    So I want to make sure I do what I can to prevent my IP address from leaking out from behind CloudFlare.

    I've locked down email through Amazon SES via Postfix but I am not sure what else I might be missing that could leak?

    I have one site that allows Contributors. They can not edit a post once published but they could possibly link an image from a server they own when initially publishing. Would that leak my IP? If so, is there any easy way to block this?

    What else might I be missing with Wordpress? Surprisingly, not much in Google.
     
  2. RoldanLT

    RoldanLT Well-Known Member

    4,157
    1,007
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,421
    Local Time:
    11:38 AM
    1.11
    10.2
    No unless you proxy the images or auto download as local copy.
     
    • Like Like x 1
  3. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:38 PM
    Nginx 1.13.x
    MariaDB 5.5
    I think what @RoldanLT meant is yes that will leak your IP unless you setup images to be served from a http forward (not reverse proxy) like xenforo does for proxy images. You can always verify this by posting link to a image from a server you own and then check your logs for ip address it reveals when accessed

    Also cloudflare needs setting up authenticated origin pulls to properly hide IP Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks
     
..