• Hi everyone,

    Thank you all for the support of this plugin! I am working hard on the next major release which I hope to have out by WordCamp Miami in early April. So far I have the following on the feature list:

    * Import-export function
    * Better division of basic/advanced options
    * Two-factor auth
    * Admin action logging
    * Improved documentation and commenting
    * Improved performance of existing features
    * A new way of providing support

    As for the latter, it’s no secret that I haven’t been monitoring these forums often and, frankly, I do not plan to change that in the future. What I will be moving to will be a paid support option similar to the models in place by W3 Total Cache and other plugins. In this scenario the forums themselves will continue to function as a community supported knowledge base with this single suggestions thread monitored by me.

    In addition, if anyone would like to contribute features, code, etc., I am in particular need of IIS compatibility as I don’t have the experience with IIS to add it myself. I’ve moved development of the project to GitHub at https://github.com/ChrisWiegman/Better-WP-Security and will gladly include any provided patches or additions while providing proper recognition to those who contribute.

    Finally, please keep your comments in this thread to suggestions only. If you are stuck, search the forums, look at the FAQ, or get in touch with me outside of the forums. I’ve been hard at work providing free support to anyone who asks and I do not plan on changing that model until the 4.0 comes out.

    Sincerely,
    Chris Wiegman
    Developer
    Better WP Security

    https://www.ads-software.com/extend/plugins/better-wp-security/

Viewing 15 replies - 16 through 30 (of 81 total)
  • Did you remove the repository from GitHub ?

    @danielmartins Nope….

    …Although I realized I moved it from my personal account to Bit51 (https://github.com/bit51/Better-WP-Security). Sorry about not updating that one.

    No problem! And thanks for putting the source code on GitHub; it makes it easy to collaborate on the project.

    I think it’s better to write suggestions on the issues tab on GitHub than here.

    So, I’ll write some suggestions there.

    And thanks for this essential plugin for any WP instance.

    Thanks Daniel!

    Great plugin, thanks for all of your work!

    It would be nice to have a separate ban/lockout setting based on the username they attempt to log in with. For example, I would like to immediately block anybody that tries to log in with the “admin” username.

    Please add the feature to disable the “Lost your password?” link and password recovery function in the wordpress login.php interface.

    I get hundreds of ‘bots a day probing my site for vulnerabilities with the “Lost your password?” link. It really needs a built-in option to disable it. Since that is not the case you can claim this feature and allow us to disable this annoyance in your plugin.

    Richard

    My problem with the existing script is ‘excess’ 404s, that is, no way to exclude file types (the W3 Total Cache plugin .htaccess method of skipping WordPress 404 error handling for static files does not work) or whitelist my own IP.

    Also it seems Enable Banned Users keeps turning itself back on.

    Adds up to choice between legitimate users being locked out and disabling 404 detection.

    I really like your plugin as it’s been very effective. Kudos!

    A perfect “Login” page option would be to deny and permanently ban ALL attempted admin logins except those listed in a box, one per line … OR … deny ALL admin logins except for users identified as having “Administrator” privileges.

    ANY attempt to use “admin” as a login should instantly and permanently BAN the IP.

    Thank you for this plugin – it is a must-have.

    Another vote please for enhancing the ‘Hide Backend’ to only allow it to be visible to only a whitelist of IPs.

    Many thanks.

    great job!
    show IPs of bad login attempts, not only when they’re locked out

    Slight code change to bit51.php line 353:

    if ( ! is_wp_error( $feed ) ) {
        $feeditems = $feed->get_items( 0, $feed->get_item_quantity( 5 ) ); // narrow feed to last 5 items
    }

    Sorry don’t have time for GIT today.

    Cheers.

    Anonymous User 388516

    (@anonymized-388516)

    My suggestion is to implement file protection for common leftover file extensions, such as in wp-config.php.bak, wp-config.php.original, .swp, etc.

    I get 404 logs all the time from attackers trying to exploit those.

    Here’s a starter, from a random site that I found:

    # Block access to backup and source files
    # These files may be left by some text/html editors and
    # pose a great security danger when someone can access them
    <FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
      Order allow,deny
      Deny from all
      Satisfy All
    </FilesMatch>
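
A coverage check for the `<FilesMatch>` pattern in the post above, added here as an example and not part of the original post or the plugin's code. The file-name lists and the `WIDENED` pattern are constructed assumptions; the check shows which leftover names the starter pattern lets through and confirms live files are not blocked.

```python
import re

# The pattern from the <FilesMatch> block above, unchanged.
STARTER = r"(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$"

# Hypothetical widened pattern (an assumption, not from the post): adds
# suffixes that editors and manual copies commonly leave behind.
WIDENED = (r"(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|swo|dist"
           r"|orig|original|old|save)|~)$")

# Constructed sample names: leftovers that should be denied ...
LEFTOVERS = [
    "wp-config.php.bak", "wp-config.php.original", "wp-config.php~",
    ".wp-config.php.swp", "wp-config.php.old", "wp-config.php.save",
    "wp-config.php.orig", "db-dump.sql",
]
# ... and live files that must stay reachable.
LIVE = ["wp-config.php", "index.php", "style.css", "wp-login.php"]


def coverage(pattern, leftovers=LEFTOVERS, live=LIVE):
    """Return (missed leftovers, wrongly blocked live files) for a pattern."""
    rx = re.compile(pattern)
    # The pattern is anchored only at the end of the file name, so search()
    # mirrors how it is applied to each name.
    missed = [name for name in leftovers if not rx.search(name)]
    overblocked = [name for name in live if rx.search(name)]
    return missed, overblocked


if __name__ == "__main__":
    for label, pattern in (("starter", STARTER), ("widened", WIDENED)):
        missed, overblocked = coverage(pattern)
        print(f"{label}: missed={missed} overblocked={overblocked}")
```

Running the same check against a site's real file listing before deploying a deny rule catches both gaps and accidental blocks of files the site needs to serve.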

    @designerbydesign,

    I noticed an error message about line 353 on bit51.php. Did you post the fix? Should we replace the current line of code with the code you provided? Or were you just identifying the issue?

    Not fixed, just a suggested fix as the feed wasn’t found and caused an exception on my local machine.

    Hi all,

    I’m working hard on the suggestions (I might not reply here but I have a large Trello board containing all of them for prioritization). Admittedly my original hope of shipping 4.0 this Spring looks to be unattainable. I’ve switched day jobs this month and the transition is slowing me down a bit.

    As for the line 353 issue, I’ve fixed that this morning in 3.4.10. It appears Feedburner has lost my feed (a problem for another day) so I’ve both added a working feed and better error checking should the feed drop out again.

    Thanks,
    Chris Wiegman
    Developer
    Better WP Security

  • The topic ‘Suggestions and BWPS 4.0’ is closed to new replies.