Plugin Author
Paul
(@paultgoodchild)
What activity have you been seeing exactly?
Plugin Author
Paul
(@paultgoodchild)
Does that sort of traffic even touch WordPress itself?
Yes it is. I ban my IP but I can still see and exploit all WordPress. It only shows me I am blocked when I try to log in…
Plugin Author
Paul
(@paultgoodchild)
Do you have the setting in the Firewall enabled to ignore Administrators?
Ignore Administrators setting is disabled. And firewall is on.
Plugin Author
Paul
(@paultgoodchild)
Okay, can you be specific about the exact behaviour that you’re seeing that you don’t expect. The more specific details please, the better.
I ban someone from Simple Firewall by IP or IP range. He can browse the site, can check exploits on my site; what he can't do is log in to the site. I was expecting that when I ban a user by IP or IP range he is cut out from all pages, not only from login…
Plugin Author
Paul
(@paultgoodchild)
The block doesn’t block visitors, it blocks visits that contain any sort of parameters.
If I’m a hacker and I load “http://www.yourwebsite.com/”, there is nothing I can do there, because there are no parameters. I’m not posting login information, I’m not requesting an admin page, if I’m not logged in I’m not passing Cookies.
The firewall is optimized to not run if there are no request parameters.
OK, but as I posted before, I was able to run an exploit on my site even if the firewall was on and my IP was banned. So I think something is not working here, right…
Plugin Author
Paul
(@paultgoodchild)
That isn’t a WordPress exploit – as far as I can see that URL doesn’t even touch WordPress.
Plugin Author
Paul
(@paultgoodchild)
Could you also elaborate on the exact nature of the exploit – what is it exploiting?
I installed a plugin that has an exploit and I did get access to WP using an exploit. I had the firewall on and IP ban, so I think it's exploiting.
Plugin Author
Paul
(@paultgoodchild)
This plugin does not block other plugin exploits. It blocks pathways for attack and exploitation.
It’s impossible to write a plugin that blocks the exploits of all other plugins.
> It’s impossible to write a plugin that blocks the exploits of all other plugins.
I know, but it's possible to make the BAN function check if someone is banned when he visits the site. Not only if he tries to log in… I think I will just leave the topic; no sense posting about a non-functioning BAN in this plugin. I will just install another BAN plugin that will BAN people when they try to enter my site instead of only BANning them when they try to log in… Or just add them to .htaccess.
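The disagreement in this thread comes down to where the ban check sits. The following is an added example, not part of the thread and not the plugin's code: it models three placements (a check that only runs when the request carries parameters, a check on every WordPress page load, and a deny rule at the web server) over constructed requests. The function names, the `loads_wordpress` flag, the ban list and the sample requests are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Constructed ban list (documentation address space): one host, one range.
BANNED = [ipaddress.ip_network(n) for n in ("203.0.113.7/32", "198.51.100.0/24")]

def is_banned(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BANNED)

def has_parameters(req):
    # Query string, POST body or cookies all count as request parameters.
    query = parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True)
    return bool(query or req.get("post") or req.get("cookies"))

def parameter_gated(req):
    # Model of the behaviour described in the thread (an assumption about
    # structure, not the plugin's code): no parameters, no checks.
    if not req.get("loads_wordpress", True):
        return "not evaluated"  # PHP-level checks never run for this request
    if not has_parameters(req):
        return "allow"
    return "block" if is_banned(req["ip"]) else "allow"

def every_request(req):
    # What the poster expected: the ban list is consulted on every page load.
    if not req.get("loads_wordpress", True):
        return "not evaluated"
    return "block" if is_banned(req["ip"]) else "allow"

def web_server_deny(req):
    # A deny rule at the web server (e.g. in .htaccess) is applied before PHP.
    return "block" if is_banned(req["ip"]) else "allow"

# Constructed sample requests.
REQUESTS = [
    {"ip": "203.0.113.7", "url": "http://www.example.com/"},
    {"ip": "203.0.113.7", "url": "http://www.example.com/wp-login.php", "post": {"log": "admin"}},
    {"ip": "198.51.100.44", "url": "http://www.example.com/?s=test"},
    {"ip": "198.51.100.44", "url": "http://www.example.com/static/file.txt", "loads_wordpress": False},
    {"ip": "192.0.2.10", "url": "http://www.example.com/wp-login.php", "post": {"log": "editor"}},
]

def compare():
    # One row per request: (parameter-gated, every-request, web-server deny).
    return [(parameter_gated(r), every_request(r), web_server_deny(r)) for r in REQUESTS]

if __name__ == "__main__":
    for req, row in zip(REQUESTS, compare()):
        print(req["ip"], req["url"], row)
```

The first row is the case the poster describes (a banned address loading the front page is allowed by the parameter-gated model), and the fourth row is a request that never loads WordPress, which only the web-server rule covers.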