• Resolved kristinubute

    (@kristinubute)


    Hi

    If someone could clarify these 4 settings below in Wordfence, please, that would be great!

    On current site NOW ALL plugins are updated, and WordPress is at the latest version.

    We haven’t set 2FA yet which I’m about to do, but worried I’m going to get locked out as ADMIN, that is my main concern.

    Immediately block IPs that access these URLs – This sounds good if you want to catch a hacker (which I am trying to do). We are still trying to figure out HOW the dodgy people have accessed the website.

    But it says ensure you don’t get locked out yourself if you access this URL.

    So for example if I want to have domainname.com.au/simple.php

    or domainname.com.au/baindex.php

    These 2 dodgy files were added on a client site (we haven’t figured out how they got it yet, still working on that). Even though the file is NOT there yet, if I add that URL just in case to LOCK the dodgy person IN CASE they ADD that file?

    Not sure whether my strategy of thinking would work?

    And they add a file called rnb or rnd also so I would add domainname.com.au/rnb also to cover that

    Do you think that would work?

    And this setting below, if someone could explain this setting please?

    Scan wp-admin and wp-includes for files not bundled with WordPress – I love that by the sounds of it.

    So it will be able to PICK UP any dodgy files added by malicious people that are NOT part of the WordPress files in those 2 main directories, which I love the idea of – and then it would BLOCK OR DELETE that file immediately, OR what would it do? Please advise.

    If you could explain that would be great.

    And these 2 settings below:

    Scan file contents for backdoors, Trojans and suspicious code

    Scan file contents for malicious URLs

    What does it do when it finds it please? DELETE IT? Or just report it?

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter kristinubute

    (@kristinubute)

    Sorry and this setting also

    Disable Code Execution for Uploads directory

    I am thinking that is a must to tick also? OR as plugins use the Uploads directory I’m guessing MAYBE I don’t tick this?

    I notice my backupbuddy uses Uploads directory AND other plugins also

    Thanks

    Plugin Support wfpeter

    (@wfpeter)

    Hi @kristinubute, thanks for your questions.

    “Immediately block IPs that access these URLs” is certainly a good way to target a specific hacker if you notice a lot of traffic aiming for a specific file, especially if it doesn’t exist. You will block yourself and anybody else visiting it though, so be careful not to target any commonly used URLs on your site. It won’t stop somebody with administrative access placing a file in this location, just visiting it.

    “Scan wp-admin and wp-includes for files not bundled with WordPress” would find anything that is not consistent with the current release of WordPress during a scan. If files have been modified, or new ones are present, you can pick to repair or delete them after a scan has found them. If you ever add a file yourself, you can tell the scan to “ignore” the result to avoid it being flagged in future. The further 2 settings you mention are also reported at the end of a scan, prompting you to take the recommended action(s).

    “Disable Code Execution for Uploads directory” would refer to a situation where an attacker was able to upload a file containing PHP, possibly disguised as an image or other file WordPress allows your site users to upload. Visiting the path afterwards in a browser would execute that code and possibly damage your site, or modify other files in a way where they can gain access to your site. It won’t stop backups of files or other read/write attempts by plugins: https://www.wordfence.com/help/dashboard/options/#general-wordfence-options

    Many thanks,
    Peter.
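
Added example (not part of the original thread and not Wordfence code): a triage script that lists which IPs requested the file names mentioned in this thread and whether any request was actually served, which helps when deciding what to put in the block list and where to look next. It assumes an Apache/Nginx "combined" access log; the sample lines and the `triage` helper name are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths named in the thread; adjust to the URLs you are watching.
WATCHED = ("/simple.php", "/baindex.php", "/rnb", "/rnd")

# Apache/Nginx "combined" log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def triage(lines, watched=WATCHED):
    """Return {ip: {"hits": [(ts, method, path, status)], "served": bool}}."""
    report = defaultdict(lambda: {"hits": [], "served": False})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Compare on the path only, ignoring the query string and case.
        path = m["path"].split("?", 1)[0].lower()
        if path not in watched:
            continue
        status = int(m["status"])
        entry = report[m["ip"]]
        entry["hits"].append((m["ts"], m["method"], path, status))
        # 2xx: the server returned content for this path, so the file was
        # present at that time. Review everything else this IP requested.
        if 200 <= status < 300:
            entry["served"] = True
    return dict(report)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:03:14:07 +0000] "POST /simple.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:03:14:09 +0000] "GET /rnb?x=1 HTTP/1.1" 404 196 "-" "curl/8.0"',
    '198.51.100.22 - - [12/Mar/2024:04:00:00 +0000] "GET /baindex.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2024:04:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        flag = "SERVED" if info["served"] else "probe only"
        print(ip, flag, info["hits"])
```

An IP marked as served reached a file that existed, so its earlier requests in the same log are the place to look for how the file was uploaded.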

  • The topic ‘Clarification on Immediately block IPs that access these URLs’ is closed to new replies.