Good, but with serious flaws

  • Well, I am not sure why, but this plugin somehow works, but in some key points seriously lacks any functionality at all:

    1.) It still allows USERNAME REVEALING to not-logged-in user, like public user, which can enumerate all usernames. WP somehow does not consider this a security flaw, but if hacker gets to know username out of username+password combination, that’s 50% of credentials revealed! Serious as hell if you ask me.

    2.) LOGIN WHITELIST does not work. I did enter my home and office IPs to only allowed source IPs, but I still get alerts of brute force logins from other IPs.

    3.) Seems like only APACHE server is 100% supported. NGINX like some 50% or websites…not supported? I mean, maybe lack of functionality is due to the fact, that I run NGINX?

    Beside those, I am pretty satisfied. Hope it improves in near future.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Thank you for your 3 star review ??

    In regards to your questions, can you create a support ticket.

    Kind regards

    No. Not me. I ranked you 5 star. the 3 star is labsy’s (@labsy)
    you are talking to the wrong guy ??

    Hi again,
    i use your All-in-one but someone hacked the website database and managed to get the username of the administrator. how could i prevent it from happening again. (accessing the website database?
    please advise.
    thank you.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @andyrogers, please create a support ticket. This section is only meant for reviews.

    Thank you

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Good, but with serious flaws’ is closed to new replies.