Must for all sites powered by Word Press
-
I have been using this plugin for my site. When I started using this plugin I used to get compatibility issues. Now I am very much happy that I learn so much on how to set up this to protect from malicious attacks.
I can understand and really appreciate the authors patience and hard work to develop this plugin.
Though it is having some minor errors and compatibility issues, I prefer to rate this plugin 5*****. It also fine with other wordpress security plugins Wordfence, SecuriScanner, and Acunetix WP Security. Compatibility with bullet proof security plugin with Better WP Security Plugin not yet tested. I will verify with that too. Among these security plugins my first preference is for Better WP Security.
Hide backend feature for wp-login.php not working if some one try to hack “https://yoursitename.tld/wp-login.php?loggedout=true”. In this hack, wp-login.php along with secret code will be revealed. For that a minor change in the mod rewrite rules generated by this plugin in .htaccess should be changed.
The following is the code generated by this plugin in .htaccess
RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule ^.*$ /wp-login.php?(yoursecretcode) [R,L]Now you can change like as follows:
RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule ^.*$ /wp-login.php? [R,L]So that no one get your customized url for wp-login.php and secret code too. The will be redirected to 404 page. Make your 404 page customized. And when plugin updates, the above rewrite rule might get change. So, user has to change manually in each single update of this plugin. The above is just for temporary solution, one should wait for authors patch for this.
I need to test for wordpress 3.8 version.
- The topic ‘Must for all sites powered by Word Press’ is closed to new replies.