Tag: waf

WordPress XSS and SQL injection CVEs are exploding because AI now finds them faster than you can patch. This ModSecurity CRS plugin is the last wall: 40+ rules, typed-parameter SQLi blocking, rate limiting and GeoIP — before PHP ever boots.

A beginner-friendly, step-by-step guide to installing ModSecurity and the OWASP Core Rule Set on NGINX for Debian and Ubuntu — from zero to a live WAF without taking your site down.

ModSecurity v3 with the OWASP CRS blocks SQL injection, XSS, shell injection, and scanner traffic at the HTTP layer. This guide covers installation, CRS paranoia levels, WordPress tuning, false positive handling, and performance impact.