Thread Starter
wjwc
(@wjwc)
See this?
I have a redirection plugin that catches 404 errors. This is what was produced. http://prnt.sc/aajh7r
And my setting was http://prnt.sc/aajhjx
Explain to me how this ip managed to escape being caught? Simple, he used my domain as referrer. Now tell me how do I block such a smart hacker?
So yes, 2 things.
1. Any hacker can get around the block by setting timeout to more than 5 minutes.
2. They also can bypass the block by setting my domain as referrer.
Thread Starter
wjwc
(@wjwc)
And one more.
I set it to block a url where someone is stupid enough to set up amazon health check on my website for god knows what reason.
http://prnt.sc/aajmu0
And this was my option. http://prnt.sc/aajmws
It completely failed to recognize the blacklisted url and none of it was blocked!
WF team. Wake up. The more i dig the more i found how ridiculous your plugin is.
1. Any hacker can get around the block by setting timeout to more than 5 minutes.
2. They also can bypass the block by setting my domain as referrer.
3. It failed to block IP in my blacklist URL.
You’ve misunderstood how the option”Count failures over what time period” works. Please see:
https://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period
Your redirection question isn’t clear. It sounds like there’s a conflict with your redirection plugin. Also you have the limit on 404 errors set to unlimited and yet you seem to expect them to be caught.
My guess is that for the blacklisted URL (and possibly the redirect issue) you’re processing those outside of WordPress. Unless the request is handled by WordPress, Wordfence doesn’t get involved.
Regards,
Mark.