WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Sentinel
A must-have security enhancement (4 posts)

5 stars
  1. NoProbRob911
    Member
    Posted 1 year ago #

    This is a great plugin! I just wish I had it installed before some @#$% found a flaw in a different plugin that allowed them to add their spam crap to my theme file. I now use WordPress Sentinel on all of the WP-based sites that I run. So far, it has only notified me of legitimate changes ("false" alarms), but I sleep a little better knowing that my WP installations are being monitored better than I can do just manually checking stuff constantly...

  2. hartmutnz
    Member
    Posted 1 year ago #

    Hi, thanks for the info. I wonder about 1 thing though. The Sentinel plugin tells you that someone changed your files... but it cannot prevent changes by un-authorized users? If that's the case it needs that feature.. maybe the developers can look at that? Thanks, Groggo

  3. NoProbRob911
    Member
    Posted 1 year ago #

    I'm not the developer and do not know him/her/them, but here's my thoughts, for what they're worth ...

    There is no really perfect way to protect your files. Sure, you can make most of them read-only, but that then keeps you from using the built-in editing capabilities in WP (theme editor, plugin editor, etc.). Plus, some plugins need to be able to write to files as part of their legitimate operation.

    The problem is that if you write-rrotect the directories and files, you and your plugins cannot edit them. If you leave them unlocked, a "bad person" (TM) can, for example, find a plugin with poor security on your site and use it to mess with your files. That's the Catch-22.

    It's like nailing the doors and windows shut on your house. Sure it's more secure, but then the burglar will just crawl down the chimney. Just when you think it's secure, along comes a more determined burglar. Plus, I find that doorknob awfully handy when I want to leave or enter the house! This plugin is more like an alarm system than those nails. It doesn't make the house inaccessible (including to me), but it lets me react faster when there is a break-in.

    By giving me an earlier heads-up to file changes, this plugin at least lets me get to the fix-up and deal with the problem sooner. I can check the logs to do some forensic investigation to determine point of entry, source of the attack, etc., and take my own steps to prevent it in the future.

    In the case I aluded to in my previous post, a small site that has little traffic and to which I don't pay much attention, fell victim. I didn't notice it for about 2 months. Oh, sure I logged in to the admin panel many times during that period. But there was no obvious indication anywhere that a few lines of code had been added to one of the theme's files. And the stuff that was added was not easily noticeable ("invisible" links to nasty sites and such helping provide SEO "legitimacy" to those sites). Two months is a lot of time for my little site to be advertising those -- ahem -- "products."

    So secure your house (see Hardening WordPres on this site and search for "securing WordPress" or similar online), but use this plugin as your "alarm system."

    Regarding security "lock-downs," have you looked at the Better WP Security plugin? It's worth a look.

    Again, just my own thoughts. Hope this helps... :)

    Good luck!

  4. hartmutnz
    Member
    Posted 1 year ago #

    Hi NoProbRob! Appreciate all your advice and I am sure there are hundreds of other users here that appreciate your comments! Thanks, Groggo

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.