Want to subscribe to topics you're interested in?
Become a Member

Security Protecting Wordpress From DDOS (IP Leaks)

Discussion in 'System Administration' started by BamaStangGuy, Mar 20, 2018.

  1. BamaStangGuy

    BamaStangGuy Active Member

    531
    161
    43
    May 25, 2014
    Ratings:
    +214
    Local Time:
    8:26 PM
    I've got a few wordpress blogs now and a few of them are in pretty interesting niches (Cryptocurrency for example).

    So I want to make sure I do what I can to prevent my IP address from leaking out from behind CloudFlare.

    I've locked down email through Amazon SES via Postfix but I am not sure what else I might be missing that could leak?

    I have one site that allows Contributors. They can not edit a post once published but they could possibly link an image from a server they own when initially publishing. Would that leak my IP? If so, is there any easy way to block this?

    What else might I be missing with Wordpress? Surprisingly, not much in Google.
     
  2. rdan

    rdan Premium Member Premium Member

    4,255
    1,034
    113
    May 25, 2014
    Ratings:
    +1,486
    Local Time:
    9:26 AM
    Mainline
    10.2
    No unless you proxy the images or auto download as local copy.
     
    • Like Like x 1
  3. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:26 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    I think what @RoldanLT meant is yes that will leak your IP unless you setup images to be served from a http forward (not reverse proxy) like xenforo does for proxy images. You can always verify this by posting link to a image from a server you own and then check your logs for ip address it reveals when accessed

    Also cloudflare needs setting up authenticated origin pulls to properly hide IP Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks
     
..