Protection against the WordPress “large comment” security bug

The authors of WordPress today released version 4.2.1 that fixes a critical security bug.

While upgrading is always a good idea, we’ve blocked the attack for all versions of WordPress on all sites that we host. We’ve also verified using our MySQL binary logs that no sites were attacked before we started the blocking.

Can I see the mod_security rules?

Although our customers are fully protected, we’re often asked to share our mod_security rules when we post something like this. If you’re the technical person running a server for other people who use old versions of WordPress, something like this should stop the attacks:

# Needs SecRequestBodyAccess On so ARGS_POST is populated; the rule id is a
# placeholder (ModSecurity 2.7+ requires one), use any number unused in your config.
SecRule REQUEST_LINE "^POST .*/wp-comments-post\.php" "id:1000001,phase:2,deny,auditlog,chain"
    SecRule ARGS_POST:comment "(?s).{65530}"

(You may want to add similar rules for other comment fields out of caution, too.)
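To make the logic of the chained rules concrete, here is an added Python model of the check (example code written for this post, not the hosting company's mod_security configuration or WordPress code). It mirrors the two rules: the first matches a POST to wp-comments-post.php, the second denies if the comment field reaches 65530 characters, and, following the note above, it also covers the other standard comment-form fields (author, email, url; the field names and sample requests are assumptions and constructed, respectively).

```python
"""Python model of the two chained mod_security rules above (added example,
not the hosting company's own code). Deny a POST to wp-comments-post.php whose
comment field, or any other comment-form field, reaches 65530 characters."""
from urllib.parse import parse_qs

COMMENT_PATH = "/wp-comments-post.php"
MAX_FIELD_LEN = 65530  # threshold taken from the SecRule above
# "comment" is the field named in the rule; the others are the standard
# WordPress comment-form fields the post suggests covering out of caution
CHECKED_FIELDS = ("comment", "author", "email", "url")


def should_block(request_line: str, body: str) -> tuple:
    """Return (blocked, reason). Rule 1: request line; rule 2: field size."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "POST":
        return False, "not a POST"
    path = parts[1].split("?", 1)[0]  # ignore any query string
    if not path.endswith(COMMENT_PATH):
        return False, "not the comment endpoint"
    # parse_qs URL-decodes values, as ModSecurity does for ARGS_POST
    fields = parse_qs(body, keep_blank_values=True)
    for name in CHECKED_FIELDS:
        for value in fields.get(name, []):
            if len(value) >= MAX_FIELD_LEN:
                return True, "%s field has %d chars" % (name, len(value))
    return False, "fields within limit"


def demo() -> dict:
    """Run the check over constructed sample requests."""
    normal = "comment=Nice+post&author=alice&email=alice%40example.com"
    big_comment = "comment=" + "A" * 70000 + "&author=alice"
    big_author = "comment=hi&author=" + "B" * 65530
    return {
        "normal": should_block("POST /wp-comments-post.php HTTP/1.1", normal),
        "big_comment": should_block("POST /blog/wp-comments-post.php HTTP/1.1", big_comment),
        "big_author": should_block("POST /wp-comments-post.php HTTP/1.1", big_author),
        "other_path": should_block("POST /wp-login.php HTTP/1.1", big_comment),
        "get": should_block("GET /wp-comments-post.php HTTP/1.1", ""),
    }


if __name__ == "__main__":
    for name, (blocked, reason) in demo().items():
        print("%-12s blocked=%-5s %s" % (name, blocked, reason))
```

Only the combination of endpoint and oversized field is denied, which is what the `chain` action achieves in mod_security: an oversized field posted elsewhere, or a GET to the endpoint, passes through.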