WPIDS – WordPress Intruder Detection System

WPIDS is the WordPress port of PHPIDS, an intrusion detection system for PHP. With PHPIDS it’s possible to check all delivered user-generated content for malicious code such as SQL injection, XSS, CSRF, and so on. In short, it’s a defense plugin for WordPress that BlogSec members have been working on for a few months now. I would say it is more of an Intruder Prevention System than an Intruder Detection System.

The primary features of WPIDS are as follows:

1. If an attack is detected, a number of checks are performed and a risk level (impact) is assigned to it. The higher the impact, the more likely it is that the request will be blocked.

2. The other component is called WP-Lockdown. It adds more static checks to your WordPress install and checks for known and widely used intrusion attacks. To provide a high level of usability the plugin does not check the content or comments, but we are already working on a new version that includes HTMLPurifier, which will add some extra security to these fields.
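
How impact-based blocking of this kind works, as an added sketch that is not WPIDS or PHPIDS code: the rules, weights, thresholds and skipped field names are assumptions made for the illustration.

```php
<?php
// Added sketch of impact-weighted blocking. Rules, weights, thresholds and
// skipped field names are constructed; they are not PHPIDS's filter set.
$rules = array(
    array('id' => 1, 'tag' => 'xss',  'impact' => 4, 'pattern' => '/<\s*script\b/i'),
    array('id' => 2, 'tag' => 'sqli', 'impact' => 5, 'pattern' => '/\bunion\b.+\bselect\b/i'),
    array('id' => 3, 'tag' => 'sqli', 'impact' => 3, 'pattern' => "/'\s*or\s+\d+\s*=\s*\d+/i"),
);
$skip = array('content', 'comment');   // fields left unchecked for usability
define('LOG_THRESHOLD', 1);            // hypothetical: record the request
define('BLOCK_THRESHOLD', 6);          // hypothetical: refuse the request

// Sum the impact of every rule that matches any checked request field.
function score_request(array $fields, array $rules, array $skip)
{
    $impact = 0;
    $hits = array();
    foreach ($fields as $name => $value) {
        if (in_array($name, $skip, true) || !is_string($value)) {
            continue;                  // nested arrays are ignored in this sketch
        }
        foreach ($rules as $rule) {
            if (preg_match($rule['pattern'], $value) === 1) {
                $impact += $rule['impact'];
                $hits[] = $name . ':' . $rule['tag'] . '#' . $rule['id'];
            }
        }
    }
    return array('impact' => $impact, 'hits' => $hits);
}

function decide($impact)
{
    if ($impact >= BLOCK_THRESHOLD) { return 'block'; }
    return $impact >= LOG_THRESHOLD ? 'log' : 'allow';
}

// Constructed sample requests.
$samples = array(
    'plain search'     => array('s' => 'holiday photos'),
    'innocent wording' => array('s' => 'trade union members select a chair'),
    'stacked payload'  => array('s' => "x' or 1=1 union select 1", 'ref' => '<script>'),
    'skipped field'    => array('comment' => '<script>alert(1)</script>'),
);
foreach ($samples as $label => $fields) {
    $r = score_request($fields, $rules, $skip);
    printf("%-17s impact=%2d %-5s %s\n", $label, $r['impact'],
        decide($r['impact']), implode(',', $r['hits']));
}
```

The second sample matches a rule yet stays below the block threshold, so it is only logged; the last one shows what leaving comment fields unchecked lets through unscored.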

For feature requests and questions about WPIDS, please drop by the official forum. For general problems with PHPIDS, please use their official forum or bug tracker. If you stress test your website for fun (or just by luck) and find a harmful string which isn’t caught by PHPIDS, please report it so that we can improve the project and move it forward.

One last important note before you grab your copy of WPIDS: in order to run it you need a web server which runs PHP 5.1.6+. If your web server doesn’t run PHP5, ask your web host if they’re going to update it (as PHP4 will reach its end of life at the end of 2007). Without PHP 5.1.6 you won’t be able to use WPIDS, as PHPIDS requires this. WPIDS will still work without PHP5; however, it will be limited to WP-Lockdown’s checks only.

You can grab your copy from the official PHPIDS website.


Comments

I tried WPIDS some two weeks ago. Afterward I couldn’t even post to my own weblog anymore, so it was a short love-affair…

[...] evening, I downloaded a new WordPress security plugin on the recommendation of Gareth Heyes on the GeekUp list. I read through the description, skimmed [...]

BOK, those were some initial problems which are now gone. The current version shouldn’t cause any problems with your usual blogging behaviour.

tried to activate the plugin and got this error:

Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /home/li/public_html/gadgetsandsuch/wp-content/plugins/wp-ids/IDS/Monitor.php on line 34

Afterwards, I could not access the backend or frontend of my site until I deleted the wpids folder itself

planner, have you made sure that you’re using PHP 5.1.6 at least? That’s a usual error which occurs when your server doesn’t support PHP5, as earlier versions weren’t really OOP and therefore don’t know this syntax.

[...] author of Wordpress Intruder Detection System (WPIDS), Philipp Heinze, has released the latest stable version of his tool. It’s containing some [...]

[...] quest for security should start with installing the wp-scanner and loginlockdown as well as WPIDS (WordPress Intruder Detection System) plugins. It’s as easy as right-clicking on the download link at blogsecurity.net and clicking [...]

[...] – Wordpress Intruder Detection System: http://blogsecurity.net/wordpress/wpids-wordpress-intruder-detection-system/ WPIDS is the WP port of PHPIDS, an Intrusion Detection system for PHP. With PHPIDS it’s possible [...]

It seems to me a good plugin, but I’m looking for a plugin that can find the illegal use from the IPS so that I can block them, as I’m facing lots of unknown resource sharing.

What’s the additional benefit of this to someone who uses mod_security and iptables and the like at a server level?

With the Centrifuge of PHPIDS it’s possible to detect intrusions which you didn’t stop with mod_security, because you forgot some rule, or because the attack vector may be totally legit within mod_security but does contain harm potential.
iptables isn’t able to filter any bad input through your open ports at all (it only decides which ports are open), nor would I say at all that these both share the same intended usage. iptables is like the house, and WPIDS/mod_security are the bouncers who keep the bad guys out.

hi

The admin page tells me there is a new version of the filter available.
It links me to an XML file, but I can’t find where to place it; it looks like you’re using a JSON file.

please help, i don’t like having an old filter file.

sorry for the second comment…

i found this in the config file:
filter_path = /full/path/to/IDS/default_filter.xml

looks like one would need some additional steps to configure phpids.
or is this file out of use?

Now I found a default_filter.xml somewhere, but there is also a JSON file. Which one is used, and where do I get the new JSON file?

Anyone having problems with this plugin not creating the necessary database tables upon activation?

When you have installed WordPress 2.6, WP-IDS disables picture upload and blocks the bot-tracker plugin. Very sad! So I had to uninstall WP-IDS.

I updated the Plugin Compatibility page in the WordPress Codex to reflect that this plugin breaks the WP 2.5-2.6.x media loader. No disrespect intended. There’s just no news of a fix or patch, so WP admins need to know.

[...] Let’s get to these plugins, which are: WPIDS – WordPress Intruder Detection System is a version of PHPIDS, which I mentioned in a previous post, but dedicated [...]

Add Media broke for me as well with wp-ids active. It kept redirecting out of the admin to the website.
