Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Paul

    (@paultgoodchild)

    Hi Marc,

    All good questions and I would say that you’ve just got to find something you’re comfortable with.

    I use this plugin (obviously) with CloudFlare on all my sites and we’ve yet to be hacked and I have zero problem with comment spam.

    If you have all the features of this plugin installed, with regard to WordPress you:
    – are protected against brute force login attacks
    – all user logins are authenticated i.e. all users verify they are who they say they are when they login (two-factor authentication)
    – you are protected against automated bot-based comment spam: I dare say one of the most powerful available
    – you are protected against human entered comment spam using a publicly, free, available content scanner
    – you have full control over WordPress automatic updates
    – you have users sessions: you can see who is logged in, from where, and you can control how long sessions last and when they expire.
    – you don’t need to “hide” your wp-login.php because you’re protected against brute force logins.

    Separately:
    – while the plugin lets you hide/change your WordPress version, it usually causes more problems than it’s actually worth. Hiding your WordPress version isn’t a security measure. If you keep your WordPress version up-to-date, what is there to hide? Lesson – keep your WordPress up-to-date

    – This plugin doesn’t disable anything related to XML-RPC. Again, this isn’t quite a security vulnerability. I may yet though add an option to disable XML-RPC altogether, but this will kill your iPhone/Android app.

    – you should change your WordPress database prefix from the default wp_. You don’t need a plugin to do this and you shouldn’t really, because other plugins can be hard-wired with your prefix. This should always be tested and done in a controlled manner – ideally during installation.

    – this plugin actively doesn’t edit or modify your .htaccess and wp-config.php files ( https://www.icontrolwp.com/2014/05/wordpress-security-wordpress-simple-firewall-plugin-part-1-why/ ). You should research some standard/basic .htaccess rules to protect the basics of your site (we will release an article on the blog for this soon). Again, you don’t need a plugin for this.

    I hope that helps Marc!
    Cheers,
    Paul.
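    As an added illustration (not from this thread or the plugin) of the kind of "standard/basic .htaccess rules" Paul refers to, here is a minimal root-level .htaccess for a WordPress site on Apache. It assumes mod_authz_core (Apache 2.4) or the older mod_access (2.2) is loaded, and it deliberately leaves xmlrpc.php alone for the reason given above.

```apache
# Constructed example: place in the WordPress document root, above the
# "# BEGIN WordPress" block that WordPress manages itself.

# Stop the web server from listing directory contents (e.g. wp-content/uploads/).
Options -Indexes

# Deny direct HTTP access to wp-config.php; PHP still reads it from disk,
# so the site keeps working while the database credentials stay unreachable.
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>

# Deny access to the .htaccess/.htpasswd files themselves.
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
```

Verify the effect after deploying: requesting https://example.invalid/wp-config.php should now return 403 rather than 200, and a directory URL without an index file should also return 403. Test on a staging copy first, since a typo in .htaccess takes the whole site down with a 500.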

    Thread Starter Marc Bijl

    (@newoceans)

    Hi Paul,

    Thnx for all the info, great! A question though. You write:

    I may yet though add an option to disable XML-RPC altogether, but this will kill your iPhone/Android app.

    What app do you mean?

    And another one: if I start using this plugin (as a non-geek), where can I find the best step-by-step manual?

    Cheers,
    Marc

    Plugin Author Paul

    (@paultgoodchild)

    There is no one single downloadable manual, but there is a series of 6 parts that starts here:
    https://www.icontrolwp.com/2014/05/wordpress-security-wordpress-simple-firewall-plugin-part-1-why/

    As to the App I’m referring to, if you disable XML-RPC, then the WordPress iPhone/Android apps will not work.

    Hope that helps!
    Paul.

    Thread Starter Marc Bijl

    (@newoceans)

    Hi Paul, thnx for the additional info!

  • The topic ‘Complete solution, or additional measures useful?’ is closed to new replies.