WordPress.org

Forums

WordPress › Support » Plugins and Hacks

WP-Sentinel
Getting false positives from my editors (6 posts)

  1. rwilki
    Member
    Posted 1 year ago #

    Although my site is 3.3.1 I was getting these false positives with 3.2.1 too. I don't have this problem, but two of my editors are getting locked out. My editor just got blocked after one try.

    I think it might be a conflict between her browser and the plugin. I use Chrome and I don't have problems with it.

    Is there anything I can have them try to resolve this issue? I love the plugin otherwise.

    http://wordpress.org/extend/plugins/wp-sentinel/

  2. amirgbg
    Member
    Posted 1 year ago #

    Hello

    getting false WARNING all the time after update. login as Editor

    Attack details follow :

    - Variable content of the POST method triggered the filter 'html breaking injections including whitespace attacks' ...

    - Variable content of the POST method triggered the filter 'basic directory traversal' ...

    - Variable content of the POST method triggered the filter 'common comment types' ...

    - Variable content of the POST method triggered the filter 'basic SQL authentication bypass attempts 2/3' ...

    I use firefox (as always) btw. I have deactivate the plugin for now. I really like the plugin. What I missing?

  3. majofa
    Member
    Posted 1 year ago #

    This excellent plugin has really saved my site from countless attacks (average 2300 attacks per day).

    But I am having the same problem: my editors are getting locked out after the second intent to post an entry.

    And there are no means to whitelist an ip address. That is what I think is missing.

    Other than that, this plugin has been a lifesaver for us.

  4. velofille
    Member
    Posted 1 year ago #

    Like rwilki, i am getting false positives with my editors.

    We run a techie blog, and any time we try and put any kind of code snippet it blocks the poster - despite them being logged in as an editor or similar user.
    Whilst the readme says "WP-Sentinel will NOT check requests from the user logged in as administrator" it will check the guys who are still posting blog posts, and no i have no plans to make them an administrator just to get the plugin going :)

  5. BerettaNZ
    Member
    Posted 1 year ago #

    Agreed - there are way too many false positives with this plugin. It would be better if we could edit the list of banned character combinations (e.g. -- is a common one).

  6. rwilki
    Member
    Posted 1 year ago #

    like BerettaNZs thoughts OR if there was a way to whitelist IPs somehow...

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags