Wordpress Sucuri Wordpress Brute Fore Attacks Report

This Sucuri security plugin is very helpful to find malware on my site. Before I use this plugin I don't know what I must to do with malware or injected script on my site.


Above picture is based from GTmetric and I try to find the redirect page for a week with zero result. After I use sucuri they detect a lot of malware in theme I used. Because I don't want wasting my time to remove all malware so I decide to delete the theme and change it with another theme (The easiest way and save my time) , now all redirect is gone. Thanks to Sucuri.


Now I have install sucuri on my site. Based on picture above they recommended to use that security. Unfortunately their tutorial is for apache and use it on htaccess. Because now I use Centminmod, how I can implement those security on nginx?

 

did you mean uncoment this?

#include /usr/local/nginx/conf/block.conf;

 

wew.. why I don't have it on mydomain.com.conf?

here is my conf:

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name mydomain.com;
#            return 301 $scheme://www.mydomain.com$request_uri;
#       }

server {
  server_name mydomain.com www.mydomain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/mydomain.com/log/error.log;

  root /home/nginx/domains/mydomain.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  try_files    $uri $uri/ /index.php?q=$request_uri;

  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

 

I used centmin mod 123.09beta01 but I think this is because I never use ./centmin mod option 2 to build vhost, I always use mass vhost builder. Ok, @eva2000 I will adding it manually.

Anyway, I just know why my site has so many redirects. It's all because of histats, so be careful guys because this can make all your visitors gone.