coreruleset / wordpress-rule-exclusions-plugin

Rule exclusion plugin for WordPress.
Apache License 2.0

WordPress custom post types are not taken into account. #24

Closed romainmenke closed 10 months ago

romainmenke commented 10 months ago

Some rules have hard-coded options for possible content types, e.g. post, page, but these do not take into account that theme developers might add custom post types.

For example, the rule with id 9507140:

# Gutenberg
- SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages)" \
+ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:[-_a-z0-9]+)" \
    "id:9507140,\
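
Review bot: the replacement pattern on the `+` line, `(?:[-_a-z0-9]+)`, matches any path segment after `/wp-json/wp/v[0-9]+/`, not only custom post type routes, so whatever rule 9507140 relaxes for `posts` and `pages` would then apply to every endpoint under that namespace. An exclusion should stay as narrow as the false positive it fixes: keep the explicit alternation and have a site extend it with its own slugs, for example `(?:posts|pages|<custom-post-type-slug>)` where the last entry is a placeholder for the registered type. If a wildcard is kept anyway, the non-capturing group around a single character class is redundant, and the rest of the rule (cut off here after `id:9507140,\`) needs checking to confirm that the controls it disables are acceptable for all of those routes.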

azurit commented 10 months ago

@romainmenke The WordPress exclusion rules plugin currently works only with vanilla WordPress, and there is no support for plugins and themes.

romainmenke commented 10 months ago

That is understandable 👍 Thank you