Jelena

Hi,

Thanks for pointing this out.

We’ve downloaded the WordPress 4.9 version from www.ads-software.com and compared your list of files with the core installation files. In this regard, I can confirm the files you’ve provided (detected by Shield), are not WordPress core installation files.

Those files were part of the 4.9 version core installation files, but WordPress removed them later on.

Shield uses the currently installed version of WordPress for the scan. It doesn’t take into account what the “latest” version is. If your site reported 4.9 and these files weren’t part of the installation, it would act on that depending upon your preferences.

It would never delete files from an installation based on official distribution for a different/later/earlier version.

Hope that helps.

Regards,
Jelena

Hi,

As Paul said, you need to give us more details on this. It’s still unclear what issue you have there.

I assume that you’ve excluded the “webp” file from the scan but the scanner keeps detecting it as “unrecognised” and you don’t know what to do? Is the problem related to the file exclusion process or? Please clarify so we could help you out.

I’m also suggesting you to read this help article:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000069910-hack-protection-module-unrecognised-file-scanner-summary

Regards,
Jelena

• This reply was modified 7 years, 4 months ago by Jelena.

Hi Marty,

Yes, that’s what I’m saying.

The answer to your second question is no – Comments SPAM feature doesn’t support contact form.

Regards,
Jelena

It only blocks the URL for non-logged-in visitors. If you are logged in, the URL will work as normal.

Please read this blog article:
https://www.icontrolwp.com/blog/block-username-fishing-using-author-ids-scans-wordpress-security-basics-series-pt-6/

Regards,
Jelena

Hi,

Thanks for reaching out.

Yes, our plugin can be used on WordPress multisites.

The best thing is to use it and report if you find any trouble.

If you believe we can be of any further assistance, please feel free to contact us anytime.

Regards and have a nice day.

Jelena

Hi Marty,

Thanks for reaching out.

If you have comments disabled on your site but you keep the Comments SPAM feature enabled, the feature will not have any effect whatsoever. The spam filtering only gets activated when a comment is posted, or the comments form is loaded. You will not get spam comments if comments are disabled.

There’s no downside to enabling the option anyway. If you ever enabled comments just for 1 post only, you’ll be protected.

I hope this answers your question.

Regards,
Jelena

Hi,

Thanks for reaching out to us.

The best solution for the problem you’ve described would be to try to debug it.

If you find something isn’t working on your site and you think it’s relating to our security plugin here is what you need to do to debug it, and then report it with as much detail as you can here (in the WordPress support forum):
https://icontrolwp.freshdesk.com/support/solutions/articles/3000043594-there-is-a-plugin-conflict-how-can-i-debug-this-to-help-the-developer-

Hope this helps.

Regards,
Jelena

• This reply was modified 7 years, 5 months ago by Jelena.
• This reply was modified 7 years, 5 months ago by Jelena.

Hi,

Many thanks for contacting us and for the detailed problem explanation.

Shield plugin is founded on using standard WordPress API/hooks/filters. If you are using a custom login form that doesn’t use these standards, then it’s possible that the form doesn’t fire the necessary WordPress hook that allows us to insert the checkbox.

In this case, you have 2 options:

1 – Turn off the GASP option within the Login Protection module since your custom login form doesn’t support it; or
2 – Don’t use a custom login plugin/theme or use one that supports standard WordPress login hooks.

The other possibility is that the browser may not be setup to support Javascript.

The options are:

1 – Enable Javascript on the browser; or
2 – Disable the GASP option.

Hope this helps.

Regards,
Jelena

Hi,

Thanks for contacting us.

Please check the Audit Trail log to learn what exactly is being blocked. Please see here:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000070244-review-your-wordpress-site-activities-with-the-audit-trail-viewer-

The Audit Trail Viewer is the best way to determine what is blocked by the Shield.

Let us know what you found.

Thanks!

Regards,
Jelena

Hi,

Many thanks for contacting us and pointing out the problem.

Login Protection and Comments SPAM modules should work independently.

We’ve been able to replicate the settings and we can confirm that Google reCAPTCHA option doesn’t work properly. We’ll look at it in more depth and fix the problem.

Thanks one more time and if you have any other questions, please feel free to contact us anytime.

Regards,
Jelena

• This reply was modified 7 years, 5 months ago by Jelena.

Hi,

Thanks for contacting us.

We released an update to let people use paths, as well as file names. You’re using windows and so paths are structured different. We’ll be releasing an improvement to this in the next release which will hopefully fix the problem.

If there’s anything else we can help you with, please feel free to contact us anytime.

Regards,
Jelena

Hi,

Thanks for contacting us.

The only way to access your WordPress login page is through the new URL you have created.

If you forget the new URL or for some reason it doesn’t seem to work for you, please follow this guide:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000000959

It will temporarily turn off all plugin features, and you’ll be able to login and change it if you want.

For more information on Rename WP Login Page, please read this blog article:
https://www.icontrolwp.com/blog/security-rename-wordpress-wp-login-php/

Let us know if you have any trouble.

Regards,
Jelena

Hi,

Thanks for contacting us.

If you want to exclude file from the scan, make sure you add the file name, not the file path. We’ll probably be adding support for paths at a later date.

Here’s more information about the unrecognised files exclusion:
https://www.icontrolwp.com/blog/extensions-security-scanner/.

Many thanks for your time and if you have any trouble, let us know. We’ll be glad to help.

Regards,
Jelena

• This reply was modified 7 years, 6 months ago by Jelena.
• This reply was modified 7 years, 6 months ago by Jelena.

Hi,

Many thanks for your message. That was a very good question.

With the Shield Security plugin, we haven’t provided the 2FA CSS customization functionality.

We probably will in the future, and it will probably be provided in the Shield Pro version.

If there’s anything else we can help you with, please feel free to contact us.

Regards,
Jelena

• This reply was modified 7 years, 6 months ago by Jelena.

Hi,

Thanks for contacting us.

To change the number of failed login attempts that are allowed, you can update the transgression limit (option under the “IP Manager” feature), and here’s how to do this: https://icontrolwp.freshdesk.com/support/solutions/articles/3000040096

For more useful information about the transgression limit and the Automatic IP Black List system in general, read our blog article here: https://www.icontrolwp.com/blog/wordpress-security-plugin-update-automatically-block-malicious-visitors/

As to error messages, Shield Pro will allow you to customize messages. It is currently under development.

If there’s anything else we can do for you, please feel free to contact us anytime.

Regards,
Jelena