Filed Under (Tools, WordPress) by Philipp on 22 November 2007

WPIDS is the WordPress port of PHPIDS, an intrusion detection system for PHP. With PHPIDS it’s possible to check all delivered user-generated content for malicious code, such as SQL injection, XSS, CSRF and so on. In short, it’s a defense plugin for WordPress that BlogSec members have been working on for a few months now. I would say it is more of an Intruder Prevention System than an Intruder Detection System.

The primary features of WPIDS are as follows:

1. If an attack is detected, a number of checks are performed and a risk level (impact) is assigned to it. The higher the impact, the more likely it is that the request will be blocked.

2. The other component is called WP-Lockdown. It adds more static checks to your WordPress install and checks for known and widely used intrusion attacks. To provide a high level of usability the plugin does not check the content or comments, but we are already working on a new version that includes HTMLPurifier, which will add some extra security to these fields.
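The impact-based blocking described in item 1, as an added example that is not code from WPIDS or PHPIDS. The rules, impact weights, thresholds and the function names `score_request` and `decide` are assumptions made for illustration; the sample requests are constructed.

```php
<?php
// Added illustration of impact-based blocking. Rules, weights and thresholds
// are constructed for this example; they are not PHPIDS's or WPIDS's own.
$rules = array(
    array('id' => 1, 'tag' => 'xss',  'impact' => 5, 'pattern' => '/<\s*script\b/i'),
    array('id' => 2, 'tag' => 'xss',  'impact' => 4, 'pattern' => '/\bon[a-z]+\s*=/i'),
    array('id' => 3, 'tag' => 'sqli', 'impact' => 6, 'pattern' => '/\bunion\b.{1,100}\bselect\b/is'),
    array('id' => 4, 'tag' => 'sqli', 'impact' => 3, 'pattern' => '/(--|#|\/\*)\s*$/'),
);

// Sum the impact of every rule that matches any request parameter.
function score_request(array $params, array $rules)
{
    $total = 0;
    $hits  = array();
    foreach ($params as $name => $value) {
        if (!is_string($value)) {
            continue; // nested arrays are out of scope for this sketch
        }
        foreach ($rules as $rule) {
            if (preg_match($rule['pattern'], $value) === 1) {
                $total += $rule['impact'];
                $hits[] = $name . ':' . $rule['id'];
            }
        }
    }
    return array('impact' => $total, 'hits' => $hits);
}

// Map the cumulative impact to an action: the higher it is, the harsher.
function decide($impact, $logAt = 1, $blockAt = 8)
{
    if ($impact >= $blockAt) { return 'block'; }
    if ($impact >= $logAt)   { return 'log'; }
    return 'allow';
}

// Constructed sample requests: clean, one weak match, several strong matches.
$samples = array(
    'benign' => array('s' => 'wordpress security plugins'),
    'low'    => array('s' => 'see issue #'),
    'high'   => array('s' => '<script>x</script>', 'id' => '1 union all select 1 --'),
);
foreach ($samples as $label => $params) {
    $r = score_request($params, $rules);
    printf("%-6s impact=%2d action=%-5s hits=%s\n",
        $label, $r['impact'], decide($r['impact']), implode(',', $r['hits']));
}
```

A single weak match (the trailing `#` in the second sample) is only logged, while several matches in one request add up past the block threshold; this is how a scoring approach trades false positives against coverage.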

For feature requests and questions about WPIDS please drop by the official forum. For general problems with PHPIDS please use their official forum or bug tracker. If you stress test your website for fun (or just by luck) and find a harmful string which isn’t caught by PHPIDS, please report it so that we can improve the project and move it forward.

Now one last important note before you can grab your copy of WPIDS: in order to run it you need a web server which runs PHP 5.1.6+. If your web server doesn’t run PHP5, ask your web hoster if they’re going to update it (as PHP4 will reach its end of life at the end of 2007). Without PHP 5.1.6 you won’t be able to use WPIDS, as PHPIDS requires this. WPIDS will still work without PHP5; however, it will be limited to WP-Lockdown’s checks only.

You can grab your copy from the official PHPIDS website.


Comments

BOK on 22 November, 2007 at 9:05 pm #

I tried WPIDS some two weeks ago. Afterward I couldn’t even post to my own weblog anymore, so it was a short love-affair…


[…] evening, I downloaded a new WordPress security plugin on the recommendation of Gareth Heyes on the GeekUp list. I read through the description, skimmed […]


Philipp on 23 November, 2007 at 10:38 am #

BOK, those were some initial problems which are now gone. The current version shouldn’t cause any problems with your usual blogging behaviour.


planner on 24 November, 2007 at 8:54 am #

tried to activate the plugin and got this error:

Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /home/li/public_html/gadgetsandsuch/wp-content/plugins/wp-ids/IDS/Monitor.php on line 34

Afterwards, I could not access the backend or frontend of my site until I deleted the wpids folder itself


Philipp on 25 November, 2007 at 8:50 am #

planner, did you make sure that you’re using at least PHP 5.1.6? That’s a usual error which occurs when your server doesn’t support PHP5, as earlier versions weren’t really OOP and therefore don’t know this syntax.


WPIDS 0.1.1 is Now Available | Aufklarung Journal on 26 November, 2007 at 5:26 pm #

[…] author of Wordpress Intruder Detection System (WPIDS), Philipp Heinze, has release the latest stable version of his tool. Its containing some […]


[…] quest for security should start with installing the wp-scanner and loginlockdown as well as WPIDS (WordPress Intruder Detection System) plugins. It’s as easy as right-clicking on the download link at blogsecurity.net and clicking […]




Vineet Kumar on 27 February, 2008 at 12:53 am #

It seems to me a good plugin, but I’m looking for a plugin that can find the illegal use from the IPS so that I can block them, as I’m facing lots of unknown resource sharing.


Shanx on 16 March, 2008 at 10:54 am #

What’s the additional benefit of this to someone who uses mod_security and iptables and the like at a server level?


Philipp on 17 March, 2008 at 8:17 am #

With the Centrifuge of PHPIDS it’s possible to detect intrusions which you didn’t stop with mod_security, as you forgot some rule, or the attack vector may be totally legit within mod_security but does contain harm potential.
IpTables isn’t able at all to filter any bad input through your open ports (it only decides which ports are open), nor would I say at all that these two share the same intended usage. IpTables is like the house, and WPIDS/mod_security are the bouncers who keep the bad guys out.


pepijn on 9 April, 2008 at 4:44 pm #

Hi,

The admin page tells me there is a new version of the filter available.
It links me to an XML file, but I can’t find where to place it; it looks like you’re using a JSON file.

Please help, I don’t like having an old filter file.


pepijn on 9 April, 2008 at 4:49 pm #

Sorry for the second comment…

I found this in the config file:
filter_path = /full/path/to/IDS/default_filter.xml

Looks like one would need some additional steps to configure PHPIDS.
Or is this file out of use?

Now I found a default_filter.xml somewhere, but there is also a JSON file. Which one is used, and where do I get the new JSON file?


wpmike on 26 June, 2008 at 5:02 am #

Anyone having problems with this plugin not creating the necessary database tables upon activation?

