Want to subscribe to topics you're interested in?
Become a Member

Security Protecting Wordpress From DDOS (IP Leaks)

Discussion in 'System Administration' started by BamaStangGuy, Mar 20, 2018.

  1. BamaStangGuy

    BamaStangGuy Active Member

    May 25, 2014
    Local Time:
    2:49 PM
    I've got a few wordpress blogs now and a few of them are in pretty interesting niches (Cryptocurrency for example).

    So I want to make sure I do what I can to prevent my IP address from leaking out from behind CloudFlare.

    I've locked down email through Amazon SES via Postfix but I am not sure what else I might be missing that could leak?

    I have one site that allows Contributors. They can not edit a post once published but they could possibly link an image from a server they own when initially publishing. Would that leak my IP? If so, is there any easy way to block this?

    What else might I be missing with Wordpress? Surprisingly, not much in Google.
  2. rdan

    rdan Well-Known Member

    May 25, 2014
    Local Time:
    3:49 AM
    No unless you proxy the images or auto download as local copy.
    • Like Like x 1
  3. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Local Time:
    5:49 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    I think what @RoldanLT meant is yes that will leak your IP unless you setup images to be served from a http forward (not reverse proxy) like xenforo does for proxy images. You can always verify this by posting link to a image from a server you own and then check your logs for ip address it reveals when accessed

    Also cloudflare needs setting up authenticated origin pulls to properly hide IP Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks