Frequently Asked Questions

• How does the Managed Rule Group – Virtual Patches for WordPress work?
  • AWS WAF customers that want targeted protection against attacks against WordPress applications can purchase the Virtual Patches for WordPress RuleGroup from the AWS Marketplace or directly in the AWS WAF Console. Once the customer completes the purchase, the RuleGroup will be available for the customer to assign to the customer’s WebACL (Web Access Control List), after which it will begin operating.
• What types of WordPress vulnerabilities does the RuleGroup cover?
  • Coverage will include the most recent 6 months of WordPress or WordPress plug-ins Common Vulnerabilties and Exposures (CVEs) where there are exploit samples available. The rolling six month coverage means that rules older than six months will be retired from the RuleGroup.
• How often are these managed rules updated?
  • Alert Logic Threat and Exploit Intelligence continually evaluates new vulnerabilities as they are released and integrates them into this ruleset.
• How are these rules tested?
  • Alert Logic experts performs a full regression test on the entire ruleset during the release process. This testing insures that the rules perform as designed before they are released and any failure in regression testing results in the release being terminated.
• How do you discover vulnerabilities to cover?
  • Alert Logic sources new vulnerabilities from numerous online WordPress vulnerability databases and proprietary Alert Logic Threat Intelligence including:
    • Official WordPress Security releases
    • Alert Logic Threat and Exploit Intelligence
    • WPScan Vulnerability Database
    • Exploitdb
• Why did Alert Logic choose to develop the Virtual Patches for WordPress RuleGroup?
  • WordPress is the most commonly used content management system in the market. With close to 30% of all websites leveraging WordPress and associated plug-ins, Alert Logic wanted to create a RuleGroup that could help the many application developers trying to stay ahead of the exploitable vulnerabilities for WordPress being released regularly.
• How is the Virtual Patches for WordPress RuleGroup priced?
  • Virtual Patches for WordPress follows the standard pricing convention for the Partner Managed Rules Program. Customers are charged a monthly RuleGroup charge per region and a usage based request charge per million requests. Alert Logic’s Manager Rules for AWS WAF– Virtual Patches for WordPress has a $14.00 per month RuleGroup fee. The request charge is $0.60 per million requests per month.
    
    Example: A WordPress application in two regions with 2 million requests per month would have the following fee. ($14.00 per Rule Group per Region X 2 Regions )+ ($0.60 per million requests per month X 2 million requests) = $29.20 per month.
• Where can I buy the Virtual Patches for WordPress RuleGroup?
  • The Virtual Patches for WordPress can be exclusively purchased from either the AWS Marketplace or from within the AWS WAF Console.
• Can I see the rules within the Virtual Patches RuleGroup that I purchase?
  • All rules in RuleGroups that are part of the Partner Managed Rule program are obfuscated from the end-user to protect partners intellectual property. If you are having an issue that you and the AWS WAF support team believe is caused by the Virtual Patches for WordPress RuleGroup, you can contact Alert Logic for help analyzing the issue.
• Can I use the Virtual Patches RuleGroup with my own rules or other Partner Managed Rules RuleGroups?
  • Yes, the Virtual Patches for WordPress RuleGroup can be added to your AWS WAF along with your own custom rules, as well as up to two additional RuleGroups from other Partner Managed Rules RuleGroup offerings.
• Where can I get answers to technical questions for the Virtual Patches RuleGroup?
  • Consult the Alert Logic Knowledgebase for answers to common questions, implementation details, and recommended troubleshooting steps.