WordPress.org


Botnet Attack Blocker
Not the right way (5 posts)

1 star
  1. Frank
    Member
    Posted 1 year ago #

    Leaves a table and settings in your database after deinstallation. Uses the init-Hook to perform on every page call :-(
    Doesn't care about the real admin (customer!) knocking at the door while or shortly after an attack has happened.

    So please put an .htaccess in your wp-admin folder instead and use HTTP AUTH with a different username and password. This is by far the most effective way to prevent admin area hacking in general as well as distributed attacks and probing usually published login names (yes they're published, even if not visible - look into the HTML).

    Hope this helps!
    Cheers.

  2. cheesefather
    Member
    Plugin Author

    Posted 1 year ago #

    Really? One star for a plugin that is proven to work effectively? Most of your issues are in the development roadmap (except for .htaccess which is simply a different method of protection) and the plugin is still under very active development. If you are not happy with how it works, then please do not use it. I think one star is a little unfair. Thanks for your feedback anyway.

  3. Frank
    Member
    Posted 1 year ago #

    But it's just my conviction, so sorry about that. Your plugin helps for a particular matter and is not a tomorrow solution. Otherwise the http auth method for the wp-admin folder is kind of timeless survival for wp installations - in case of botnet attacks and whatever you can think of regarding the backend area. I mean: no update trouble, no: "it doesn't work after upgrade!" and things like that.

    Well, it's not that I cannot appreciate effort to make a better world. You help - for this particular purpose - a lot for sure.

    Cheers.

  4. cheesefather
    Member
    Plugin Author

    Posted 1 year ago #

    The .htaccess basic auth is only a good solution as long as people are running the Apache webserver; it wouldn't work if they are running Microsoft IIS or Nginx or many other servers. Some hosts also disable per-directory .htaccess in the server config so this would also prevent it working.

    Secondly, I feel that the average WP admin user can install a plugin, but not necessarily deal with .htaccess files and troubleshoot why they may not be working (which could be any/all of the above reasons).

    So I'm afraid I don't entirely agree with you!

    You're totally right that uninstallation isn't clean and the init hook fires too often and it does lock down in quite an extreme way (all these will be dealt with in a future update), but it's the first WP plugin I've ever written and I'm developing it in my very limited spare time (like most other WP plugin devs), so please bear with me! Luckily, most of the feedback so far has been very positive.

    Thanks for taking the time to review though, I hope other users will find your points useful.

  5. cheesefather
    Member
    Plugin Author

    Posted 1 year ago #

    Hi, the latest version (1.7) now removes options and deletes the table on deactivation and replaces the init hook so it does not run on every page. I hope that this and the points made above on why .htaccess isn't a good solution will prompt a slightly more deserving rating - thanks.
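
The HTTP auth setup debated in this thread, as an added example that is not part of any post and not code from the plugin: a `wp-admin/.htaccess` for Apache 2.4, with the per-directory override dependency raised in post 4 noted in the comments. The realm name, file path and user name are placeholders.

```apache
# wp-admin/.htaccess (added example; path, realm and user name are placeholders)
#
# Honoured only if the server config allows it for this directory:
#   AllowOverride AuthConfig   (or All)
# With "AllowOverride None" this file is not read at all, and on
# Nginx or IIS it has no effect.
#
# Create the credential file outside the web root, using a user name and
# password that differ from any WordPress account:
#   htpasswd -c -B /path/outside/webroot/.htpasswd-wpadmin someuser

AuthType Basic
AuthName "Restricted"
AuthUserFile /path/outside/webroot/.htpasswd-wpadmin
Require valid-user

# Themes and plugins call admin-ajax.php on behalf of visitors who are not
# logged in, so it is exempted from the password prompt.
<Files "admin-ajax.php">
    Require all granted
</Files>

# wp-login.php lives in the site root, not in wp-admin, so this file does
# not cover the login form; that needs an equivalent <Files "wp-login.php">
# block in the root .htaccess.
```

Basic auth sends the credentials with every request in reversible base64 encoding, so serve the admin area over HTTPS only.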

Topic Closed

This topic has been closed to new replies.
