Plugin Author
Paul
(@paultgoodchild)
If the proxy server is forwarding the IP address correctly as it should, then the plugin will not block on the proxy, but on the real client IP address.
That’s not really a way to test it.
Put in your own IP address and see. First test that you can turn off the plugin using this: https://icontrolwp.freshdesk.com/support/articles/3000000959-i-m-locked-out-of-my-own-site-
Thanks,
Paul.
Thanks for the quick response Paul!
Yes, that worked, blocking me from logging in. Thanks.
Next question:
I am getting hit with “plugin scans”. It appears (via my csf Apache Status alerts) that my site is occasionally being flooded for requests for plugins that do not exist.
GET /wp-content/plugins/woopra/tags/…
GET /wp-content/plugins/open-flash-chart-core-wordpress-plugin/…
GET /wp-content/plugins/woopra/tags/1.4.2/inc/php-ofc-library/…
etc, etc.
Will WordPress Simple Firewall help with that?
Thanks for any info.
Plugin Author
Paul
(@paultgoodchild)
There is nothing to do there. These are just web requests and there’s nothing that a web request, in and of itself, should be blocked for.
What you might want to consider is placing some .htaccess files in your “plugins” folder to prevent direct access, but then you don’t know how that might affect your plugins.
Unless a web request is malicious, in and of itself, they shouldn’t really be blocked and shouldn’t really be. You’re being “scanned” for the existence of plugins with vulnerabilities. Your best protection is:
– keep WordPress updated
– keep your plugins updated.
Hope that helps.
It does help. Thank you.
Seems a static 404 file might help too. At least with the crazy cpu rates the built in 404 seems to eat up when getting slammed with non-existent page requests.
Thanks again and great work!
Plugin Author
Paul
(@paultgoodchild)
No problem! Happy to help 🙂
Do you fancy leaving the plugin a nice WordPress.org review if you like it?
Thanks!
Paul.
