More stealth mode for WF

  • Resolved morespinach

    (@morespinach)


    5 years, 4 months ago

    Hello. Love this plugin and it’s a part of our starter pack for websites. Issue: when showing errors such as login lock (brute force protection), it shows a giant Wordfence logo. This reveals more than we’d like to reveal. Please advise where the option is to hide this inane self-branding, which ironically actually makes our website less secure. Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi @morespinach,

    There’s a few reasons why Wordfence displays its logo on blocked/locked pages.

    1. By mentioning “Wordfence” on the block pages, it makes it much easier to debug false positives. This allows you to instantly know that Wordfence is responsible for the blocks, and not some other plugin.

    2. There is very little to no risk in letting users or potential attackers know which software they were blocked by. They can easily find out through other means, and relying your security on hiding information is considered “security through obscurity”.

    3. Most attacks that occur are blind attempts. This means they don’t even check what your server is running, or what they were blocked by. If an attack succeeds, they continue, if not, they go to the next site.

    However, if you still want to change the block pages, they can be found in:

    wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/views/

    Dave

    Thread Starter morespinach

    (@morespinach)

    Thanks. I’m sure bots are being blocked, but embarassingly our users get this and are confused by the giant Wordfence logo, with nothing from our own branding shown. I’m sure Wordfence can be a tiny logo in the footer. That’ll serve the same purpose you mentioned in #1.

    Anyway, what should we do with the URL of the ‘views’. Manually change the HTML inside them? Will this be preserved with a plugin update?

    Plugin Support wfscott

    (@wfscott)

    @morespinach

    Unfortunately this will not be preserved after updates.

    You may also have to change the following, in addition to the file(s) in views:
    /plugins/wordfence/lib/wf503.php
    /plugins/wordfence/lib/wfLockedOut.php

    Let me know if you have any questions.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘More stealth mode for WF’ is closed to new replies.