Cart

/ Domain name

/ Your .CO.UK domain
for only £ 4.99**

Get started with your own domain names

Register now

/ Other

/ Latest news

Launch of new Big Storage platform

Read more
Need help?

    Sorry, we could not find any results for your search querry.

    The webfilters on web hosting

    Via the control panel you can enable or disable a number of web filters for your web hosting package. In this article we explain how to do this and briefly explain what each filter is for.

    Log in to the control panel and click 'Shared Hosting' in the menu. Next, select your domain below 'Products'.

    Click the 'Security' tab at the top, followed by 'Webfilters'.

    Click security at the top, followed by webfilters.

    You can enable or disable the different filters by clicking the sliding button on the right side, below 'Status'. We will explain briefly what the different options mean.


    Groups

    SQL injection detection

    SQL injection detection checks for a number of possible database attacks. Upon detection, the source of the attack is blocked. SQL injection detection checks the following attacks/injections:

    • Blind SQL injection tests using sleep() or benchmark()
    • MSSQL code execution and information gathering attempts
    • MySQL and PostgreSQL stored procedure/function injections
    • MySQL charset switch and MSSSQL DoS attempts
    • MySQL UDF injection and other data/structure manipulation attempts
    • PostgreSQL pg_sleep injection, waitfor delay attacks and database shutdown attempts
    • SQL benchmark and sleep injection attempts including conditional queries
    • Basic MongoDB SQL injection attempts
    • Basic SQL injection. Common attack string for MySQL, Oracle and others
    • Integer overflow attacks, these are taken from skipfish

    Rules

    Disable /xmlrpc.php access

    xmlrpc.php is used by older versions of WordPress to connect to third party platforms. By disabling it you protect yourself against DDoS attacks via xmlrpc.php.

    Disable /autodiscover/autodiscover.xml access

    autodiscover.xml is used to automatically configure mail settings. Incorrectly configured mail software may cause repeated and unnecessary calls for the autodiscover.xml file. This can cause a load to the server. By disabling it you prevent this issue.

    Disable /wp-includes/wlwmanifest.xml access

    Disables wlwmanifest.xml (Windows Live Writer Manifest). Having this file enabled may cause bots to detect that you have WordPress installed. Once spotted, they may search for WordPress vulnerabilities.

    Disable .git/ access

    Disables access to a .git/ folder which could contain sensitive data.

    General rootkit protection

    General protection against rootkits. A rootkit is malware which tries to access your website/data.

    WordPress brute force protection

    Protection against brute force attacks on your WordPress website. Brute force attacks are automated attempts to guess for instance your password.

    In addition to the obvious implications of comprimised credentials, unsuccesful attemtps are also not desirable, as they result in a large number of requests being made to your web hosting. This can make your website slower than you are used to.

    If you try to log in multiple times with wrong login details, WordPress brute force protection may block your own IP temporarily. This will result in a 403 Forbidden error. You can check whether this is the case by logging in from a different IP address, for example via your phone's 4G/5G network.

    XML-RPC abuse protection

    Protection against brute force attacks via xmlrpc.php. xmlrpc.php is used by older versions of WordPress to connect to third party platforms.

    Joomla! brute force protection

    General protection for Joomla websites against brute force attacks.

    Joomla! googlemap2_proxy plugin abuse protection

    Protection against DDoS attacks which make use of a Google Maps plugin.


    In this article we explained how to enable or disable a number of web filters for your web hosting package.
     
    Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact us’ button at the bottom of this page.

    Was this article helpful?


    Provide feedback about this article

    Need help?

    Receive personal support from our supporters

    Contact us