All In One WP Security & Firewall: protection against a SHELL attack

Security plugins have a limited, at best, ability to protect against exploitation of vulnerabilities in plugins, so if there really is vulnerability in the plugin the way to insure you are protected is for the vulnerability to be fixed or for you to remove the plugin until it is fixed.

You say their might be a vulnerability, have you attempted to determine if it actually exists? Have you contacted the developer of the plugin or the Plugin Directory about the issue?

@fourwhitesocks what @white Fir Design is saying is correct and you should really investigate if the plugin in question has a vulnerability with the plugin developers. If it does then you really should remove this plugin until it is fixed.

Let me know if you need more information or help.

Kind regards

Ok thank you both, I do understand completely what you are both saying, and I have already reached out to the plugin author.

What I think I’m really asking here is: does the ALIWPS & Firewall have the capability to protect against this type of SHELL attack, at least based on the short (might be too short) description that was given that I put in my first post? That’s my real question tho.

Thank you all for helping.

Hi, @fourwhitesocks this plugin cannot protect your site from being hacked via the Server side as per the information shared.

“Shell” indicates an attack that allows an attacker to upload a shell to the target site which gives them full remote access. These are the most serious vulnerabilities and attacks.

Only server administrators can protect the server from being hacked via SSH injections. A good host will always go to extreme length to protect their servers from being attack via SSH injections. What this plugin does is protect your site from Brute Force attacks, spammers and more.

Now if a plugin or theme has some vulnerability in their code, then perhaps a hacker can use that to inject some nasty code and do a lot of damage to your site by adding some very bad links to bad sites and more. This plugin does not run a code check on plugins and themes with vulnerabilities in their code.

I always recommend people to investigate further by researching the plugin and theme they are using or would like to install. There are tools out there that can help you test plugins and themes. You should also only install plugins and themes from trusted and reputable developers, developers that constantly improve the plugins and theme via regular updates, developers that have a product that is up to date with the latest WordPress version, developers that follow WordPress standards “after all you are running WordPress CMS for your website” and plugins and themes that have great reviews. These are just simple steps to follow that will further protect your site. There is more that can be added to this list, but I just thought of sharing some basic points to you.

At the end of the day this plugin will help you sleep better at night knowing that your site is very much protected. The developers are constantly improving this plugin and adding more features to protect websites against hackers.

Let me know if you need more information.

Wow thank you for that very in-depth answer, I appreciate that very much! I do have a good security plan but was just wondering about the SHELL attacks.

Upon asking the author of the plugin it was also explained to me that there are no current vulnerabilities since a major over-haul of the plugin’s security plan a few years ago. The list I saw was a list of ‘attempted’ SHELL attacks, not necessary that they were actually successful attacks via the plugin; so I do feel better about understanding it better now.

One last part of my question. Would installing an SSL on my sites help with this sort of attack?

Thank you!

We have never heard of something referred to as a shell attack before, what you are quoting about that is from Wordfence and it seems they are trying to create a new term by mixing up what a shell usually refers to, a file containing code that allows the hacker to make further changes to the website, with a type of exploit that could allow such a file to be placed on a website. It doesn’t seem make much sense to do that, when there are already widely used and more accurate terms for that type of vulnerability, which don’t create that type of confusion.

A more accurate term for that type of vulnerability is an arbitrary file upload vulnerability. That type of vulnerability has a variety of different underlying causes, many of them are caused by upload functionality that does not have proper security restrictions in place. So it would be rather hard for a security plugin to protect against them in generic fashion since there isn’t a single origin point for them.

You would probably be better off with a tool that includes data on what vulnerabilities actually have existed in the plugins being used, so you are not guessing whether a plugin has a vulnerability or having to contact the developer each time. It would also warn you if are using a vulnerable version of a plugin without you having be constantly monitoring for vulnerability disclosures yourself (we offer such a tool, so we are biased in suggesting that).

SSL will not prevent the exploitation of vulnerabilities in plugins, since encrypting the connection between the hacker and the website shouldn’t have an impact their ability to exploit a vulnerability.