All In One WP Security & Firewall
All in one WP Security & FireWall Not Recommendable (7 posts)

1 star
  1. WPTeamer
    Member
    Posted 10 months ago #

    All In One Security & Firewall is not recommendable for any new users because there is a lack of security, so a good setup on your own would be better.

    I was yesterday the victim of a DDoS attack on my webhost and after cleaning up after the kids that stalled my webhotel for a couple of hours I installed this plugin.

    Used the highest level of security possible, but when I later was looking at my files the old GOOD .htaccess was changed to backup and a new one was there, and when I looked into it I found a password I usually use!

    And when I looked at the attributes of the file it was readable by the world, wtf, a security file without security!!!

    So the hackers could just search for the plugin and look inside .htaccess and then log in to the site ... ok they would not have to hack it then.

    Stay out, I do, and use Wordfence or Better WP Security instead; this looks anyway like a copy of Better WP Security, although it missed some of the good features.

  2. wpsolutions
    Member
    Plugin Author

    Posted 10 months ago #

    @doculeak,
    Your review is very misleading and the assumptions you make are simply wrong.

    "the old GOOD .htaccess was changed to backup and a new was there and when i looked into it i found a Password i usually use!"

    This is totally wrong.
    No login information (password etc) is ever stored in the .htaccess file and this plugin certainly does not even know what your login password is in the first place.

    "So the hackers could just search for the plugin and look inside .htaccess and then login to the site ... ok they would not have to hack it then"

    This is simply not true at all! It is impossible for someone to log in to your site by looking inside the .htaccess file because this file simply does not contain any login information in it at all. Secondly, the plugin does not allow access to the .htaccess file for the outside world.

    Maybe next time you should try asking us if you are not sure how certain features work.

  3. WPTeamer
    Member
    Posted 10 months ago #

    Anyway it should not be made readable by the public when I made it not before the plugin made a change.

    Besides that it was not a password but a key that I would have expected would have been encrypted when it's made publicly viewable...

    So my WordPress was more secure before I installed and configured that plugin than after :)

    Go fix your screwed up plugin and then come back ok :)

  4. mra13
    Member
    Plugin Author

    Posted 10 months ago #

    You clearly have some misunderstanding somewhere. If you are a new user then it doesn't hurt if you ask us a question before accusing developers who are working hard to create a good plugin. How are you going to feel when I start making accusations against you?

    If you were using the cookie based brute force feature and used a secret word for it, then that has to go to the .htaccess file. We have details that explain how it actually works. And when you understand it fully you will see how it is a nice way of doing this. So maybe read a little more and ask us questions.

  5. Thomas O.
    Member
    Posted 10 months ago #

    If you're on Apache, by default the config file protects all files that start with .ht.

    So if your .htaccess is readable/accessible from HTTP, there is something seriously wrong with your server setup.

  6. itonstandby
    Member
    Posted 5 months ago #

    Once your site is hacked, it's time to restore from a known good backup and THEN add a security plugin. Adding a security plugin on a site that has been hacked is not the best course of action.

    Add a backup plugin that runs on a daily schedule and sends the backup offsite (Amazon S3, DropBox, etc.)

    At the very least, install Duplicator and download a copy of your site weekly.

    My money, though, is on Backup Buddy. It's not free, but it is totally worth it.

  7. mbrsolution
    Member
    Posted 5 months ago #

    Hi @WPTeamer, have you tried the latest version?

    There has been a lot of work carried out in the background to better improve this great plugin since your first review here.

    I am sure that if you try the latest version you will be satisfied with the results.

    I have been using this plugin on all my websites for the last 5 months. And I am extremely happy with the results plus the support from the developers is second to none.

    If you install the latest version and are happy with the results perhaps you might like to change your review here.

    Kind and warm regards
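
The two conditions argued over in this thread can be checked directly. This is an added example, not part of any post and not the plugin's code: it tests whether an Apache configuration still denies HTTP access to `.ht*` files (the default Thomas O. describes) and reports the filesystem mode of an `.htaccess` file. The sample configs and the function names are constructed for illustration.

```python
import fnmatch
import os
import re
import stat

# Constructed sample: Apache 2.4 config carrying the usual .ht* deny rule.
STOCK_CONF = r'''<Directory "/var/www/html">
    AllowOverride All
</Directory>
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
'''
# Constructed sample: the same rule commented out, so .htaccess is served.
BROKEN_CONF = r'''# <FilesMatch "^\.ht">
#     Require all denied
# </FilesMatch>
'''

BLOCK = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>(.*?)</\1\s*>', re.S | re.I)
# "Require all denied" is the 2.4 form, "Deny from all" the 2.2 form.
DENY = re.compile(r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$', re.I | re.M)

def ht_files_denied(conf_text):
    """True if an active Files/FilesMatch block covering .htaccess denies access."""
    # Drop comment lines first so a commented-out rule does not count.
    active = "\n".join(l for l in conf_text.splitlines()
                       if not l.lstrip().startswith("#"))
    for kind, pattern, body in BLOCK.findall(active):
        if kind.lower() == "filesmatch":   # argument is a regular expression
            covers = re.search(pattern, ".htaccess") is not None
        else:                              # <Files> takes a wildcard such as .ht*
            covers = fnmatch.fnmatch(".htaccess", pattern)
        if covers and DENY.search(body):
            return True
    return False

def mode_findings(path):
    """List permission bits on the file that other local accounts could use."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    checks = [(stat.S_IWOTH, "world-writable"),
              (stat.S_IWGRP, "group-writable"),
              (stat.S_IROTH, "world-readable")]  # matters on shared hosts
    return [label for bit, label in checks if mode & bit]

if __name__ == "__main__":
    print("stock config denies .ht*:", ht_files_denied(STOCK_CONF))
    print("broken config denies .ht*:", ht_files_denied(BROKEN_CONF))
```

The filesystem mode and the HTTP rule are separate controls: a file the web server can read is still not served to visitors while the deny rule is active.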
