nathaniel45

I use WP Cerber Security I know they had issues and fights with WordPress but these sites are not eCommerce sites that are heavily trafficked. WP Cerber Security has worked great so far. I was on a VPS with one host and out of the blue memory usage was way up. It was getting time to renew. After really watching the traffic and memory usage there was just no way. I felt at that time the host was up to no good. I then moved all sites to Cloudflare and the memory was still maxing. I left that host for one that offered me 3x more CPU and 4x the memory and 10x the bandwidth for less then what I was paying for 4 core CPU and 2GB mem.

I’ll see what the firewall settings might be offered in WHM and/or ask the host. I’ll also look at the mu-plugin. If you want the honeypot code to look at let me know. I use WP Code to run much of my snippets like this instead of putting them in the functions file. So much easier.

I think I may have figured out how they might be getting past and why the URI Path option might be best. It looks as if they are reaching the account/ page. They are using the this site as sub domain of the main set on the host. This is a new host and things are setup differently then my last. Looks like I have to block the sub domain using URI full.

It also turns out that Turnstile wasn’t working as that wasn’t the correct domain set for the key.

• This reply was modified 1 month, 2 weeks ago by nathaniel45.

I’m not sure how you are stopping them totally on your registration page as I had a few today and one just now try again. How many extra inputs do you have on your registration page? This client only wanted one extra “affiliation” extra then first and last name, email address and password. I noticed that the other clients I have are not spammed up like this but they ask many more questions.

Last night, I added to my code to tell me were the submission originated and it’s the account/ page. I just wanted to rule out them getting past the page. They would still have to crawl it as they are entering info in my honeypot. If the honeypot is hit the submission is blocked and I’m emailed a notice with what was entered and the IP address. “flagged bot new account registration {ip address here} entered: {a url they always enter}”

I just edited it from checking URI FULL to URI Path. Maybe that’s the trick.

• This reply was modified 1 month, 2 weeks ago by nathaniel45.

Interesting… I’ll add a few extra pages to JS Challenge. I use woocommerce for user account area. My honey pot is as described in #4. I’ll also see if edits to the Challenge Mode is available in free Cloudflare. Thanks for the info.

Even though people will see the black Cloudflare page briefly I’m hoping it stops most before they try making an account. But as stated they do not get though a simple hidden input honeypot. ! empty = no good.

• This reply was modified 1 month, 3 weeks ago by nathaniel45.

I’m only using the the free plan so I’m using the Bot Fight Mode.

It filled in the hidden input like they always do. JS Challenge seems to be working more then I first thought, out 26 issued only 5 solved.

• This reply was modified 1 month, 3 weeks ago by nathaniel45.
• This reply was modified 1 month, 3 weeks ago by nathaniel45.

Already had a bot get though and try to make a user account. I sure hope JS Challenge will improve blocking access more over time. I do have Turnstile on and will leave it. But it seems like a hidden input check is the best option as it works 100% of the time in blocking them.

• This reply was modified 1 month, 3 weeks ago by nathaniel45.
• This reply was modified 1 month, 3 weeks ago by nathaniel45.

I added a JS Challenge for the account area. What is the purpose of Turnstile then?

• This reply was modified 1 month, 3 weeks ago by nathaniel45.

Before you posted I tried unchecking “Enable merging of JavaScript files” and that seems to have fixed the issue. I did not add the JS lines to exclude. Any idea why “Enable merging of JavaScript files” checked works on other sites but not this one? Same code and theme builder and other plugins.

Your fix won’t work as the code that is giving the issue is added to the footer.

The thing that is odd is that only one website is doing this while not one of the other sites I administer has this issue. All sites have the same setup.

I’ll give your fix a try. Thanks

• This reply was modified 5 months, 4 weeks ago by nathaniel45.

There is a conflict between WP Cerber Security and The7 theme builder. WP Cerber Security is not blocking /wp-admin/ until after The7 loads parts of the header. In this case it’s a mini cart for Woocommerce. I have confirmed this issue on all the sites I have The7 theme builder and WP Cerber Security on.

In order to fix the issue I had to turn off “Disable automatic redirection to the login page when /wp-admin/ is requested by an unauthorized request” in WP Cerber Security and install the plugin Remove Dashboard Access.

Update: I disabled “Disable automatic redirection to the login page when /wp-admin/ is requested by an unauthorized request” and when going to https://winir.org/wp-admin/about.php I’m directed to the login page. But I have “Block access to wp-login.php” selected. So I enabled “Disable automatic redirection to the login page when /wp-admin/ is requested by an unauthorized request” and still is not blocking access to wp-admin.

• This reply was modified 1 year ago by nathaniel45.
• This reply was modified 1 year ago by nathaniel45.

The site I had the issue with is not using the WooCommerce High-performance order storage.

It shows in WooCommerce > Advanced > Features

WordPress posts storage (legacy) is selected and under the options
“2 Incompatible plugins detected (Product Open Pricing (Name Your Price) for WooCommerce and Product Visibility by User Role for WooCommerce).”

WooCommerce version: 8.6.1

• This reply was modified 1 year ago by nathaniel45.