BREACH Avoider

Avoid being an easy target of the HTTPS BREACH vulnerability.

  1. Extract the plugin folder from the downloaded ZIP file.
  2. Upload the folder to your /wp-content/plugins/ directory.
  3. Activate the plugin from the "Plugins" page in your Dashboard.
  4. Done!

You can (and I encourage you to) define two constants in the wp-config.php file:

BBA_REPEATER: used by this plugin to add a new secret string to each nonce (a number used once to create a secure token and avoid CSRF flaws). The default is 2, the minimum is 1, and there is no maximum; just change it.

BBA_NONCE_LENGTH: from 4 to 32, with 10 as the default value. It sets the length of each nonce in WordPress; the longer, the better.

Also, WordPress includes a "nonce_life" filter hook. Its default value is 4 hours (DAY_IN_SECONDS); I suggest you lower this value, to something like 12 hours or 6 hours (HOUR_IN_SECONDS /2 or /4).

Requires: 2.5 or higher
Compatible up to: 3.9.1
Last Updated: 2014-4-30
Downloads: 358

Ratings

5 out of 5 stars

Support

0 of 1 support threads in the last two months have been resolved.
