wbenterprises
Forum Replies Created
Forum: Plugins
In reply to: [Limit Login Attempts] Brute Force Protection not staying enabled
I believe this is happening after each manual update to other plugins. Whenever I update some plugins, this option appears to get turned off. It’s not the plugin itself, it’s other plugins like WP Mail or UpdraftPlus, etc. Why is it?
Forum: Plugins
In reply to: [Limit Login Attempts] Login Transactions Report no longer recording
I have “Activity Log” added because I didn’t see any login logs being produced by this plugin.
I use WPForms, but that’s always been installed.
I also use Ultimate Member, which has always been installed.
- This reply was modified 3 years, 3 months ago by wbenterprises.
Forum: Plugins
In reply to: [Limit Login Attempts] Brute Force Protection not staying enabled
I have been watching this issue closely. It seems the option for brute force protection is turning itself off after someone attempts an attack. I have logs which show multiple attempts at logging in with an invalid username/password. I shouldn’t see more than 10 because this option was on. However, I see over 130 attempts to log in, then I go check the option and it’s turned off. Why is this happening? This plugin does not block the IP but instead disables itself.
Forum: Plugins
In reply to: [Limit Login Attempts] Block on URL access? + Other questions
Hello,
Thank you for the reply.
I think it would be beneficial to add the URL blocking feature. It’s a good security (honeypot) feature, and a competitor already offers this feature in their free version. I often see attempts to scan a site for specific vulnerable plugins or resources.
Also, 403 errors are not strictly blocked IP addresses. They are also blocked resource accesses (like preventing direct linking to images or other site files). See here:
https://en.wikipedia.org/wiki/HTTP_403
And, the WAF/IP Blacklist page does not appear to log attempts, but that’s not too important if it’s only 403.6 IP addresses.
The documentation provided above does not go into detail about WHAT a setting does. The brief descriptions in the plugin fall short.
— Does enabling .htaccess only block IP addresses, or does it offer other features?
— What is the difference between activating .htaccess on the WAF and on the Advanced Blocking page?
— What does SQL Injection Protection do that WordPress already does not do? Does it check all inputs from all forms from all plugins?
— What does it mean when “Website firewall on plugin level” AND “Website firewall on .htaccess level” are both OFF?
So many questions.
- This reply was modified 3 years, 3 months ago by wbenterprises.
Thank you, again! This is great code. It works lovely now. I hope you will consider placing comments in the coding for reference!
I will mark this thread resolved for now, but I hope UM will consider making this option permanent. I don’t see how it could be a bad thing, especially for security and auditing purposes.
Forum: Plugins
In reply to: [Limit Login Attempts] Brute Force Protection not staying enabled
No, there is no error message. It states, “Brute force is enabled and configuration has been saved.” However, when I go back to look at a later time, it’s unchecked again.
Where is the database location for the setting? I can check to see if the setting is actually saved or not.
I really appreciate your effort on this! Thank you very much for helping out.
I think it could be super helpful to others reading this thread if you added comments on the code you made so that it can be customized to different needs. Or make it a plug-in!
For example, some sites may want it to just mark an account for deletion so they can then do some other actions, whereas I’d like to just disable login and then take an action (like archive). I’m not very proficient (yet) on coding for WordPress but I’ve cut my teeth on PHP before.
Again, thank you, and I’ll try this new code out and see where it lands me.
UPDATE EDIT: Unfortunately, it still doesn’t disable logins for me. Perhaps it may be due to my site having a 2FA plugin as well. However, I found another plugin that adds “disable account” to the user settings and at least your code sets off the UM email notifications which I can use to my advantage.
- This reply was modified 3 years, 4 months ago by wbenterprises.
I don’t feel this is a feature to be requested. This should be a standard security best practice of any application. Don’t alter security-relevant details from audit trails.
I tested this code but it does not remove the user’s access, it only adds them to the Archived role for UM. They still have Subscriber role and can log in.
- This reply was modified 3 years, 4 months ago by wbenterprises.
Hello missveronica and thank you for doing this. I will try the code but I have a question. On the github link, it states I can use code-snippets to add the code. I prefer to do this, but could you please add instructions for adding it to that plugin? For example, where to run the code (e.g. front-end? everywhere?) and any Priority change it may need.
Also, it mentions to remove member directory display for the Archive role but I don’t see that option. Is this supposed to be under “WP Capabilities” in the User Roles settings?
OK, I understand, but if it’s a fundamental change required on WordPress coding, I think it’s important that plugin developers also request this feature because it’s an important security function!
- This reply was modified 3 years, 4 months ago by wbenterprises.
Forum: Plugins
In reply to: [Gallery Custom Links] Why are regular image blocks using the external links?
It wouldn’t be possible to have an option where GCL will not replace the URL when the Image block already has a link manually saved by the user? That’s all that’s needed.
Seems like it should be a simple database query to figure out if there’s a link already placed in the block settings. Or, are you not adding features which support Gutenberg blocks despite it being the way WordPress is designed now? Gutenberg blocks are a very common way to build websites now, enough that they should always be considered.
Thank you for the consideration!
Thank you for clarifying this hook. I appreciate it!
One more question:
4) Will the reward be triggered based on the amount of points purchased, or the user’s total balance afterwards?
Hello,
Thank you for replying. I would like some more clarification so I understand correctly how this functions.
Example:
If I set 3 thresholds:
Between min 1 and max 100, award 10 extra points.
Between min 101 and max 1000, award 100 extra points.
Between min 1001 and max 10000, award 1000 extra points.
1) Will the awards only be given when the user makes a purchase? How about when a coupon, gift, or other hook is used to earn points?
2) Will the awards only be given once per user, or each time a purchase is made?
3) Using the example above, if I set all the *minimums* to “1” (and creating an overlap), will all three rewards be given when a purchase above 1000 points is made (an extra 1110 points)?
Thank you.