Support » Plugin: Brute Force Login Protection » Good idea but needs a little work

  • I’ve installed this plugin on several sites because I believe the method of blocking access via .htaccess is a good idea. Unfortunately it seems to corrupt the .htaccess file on occasion which shuts down the entire site. Not sure what’s causing it or how to replicate but I’m going to have to disable the plugin until I either figure it out or the author updates the code.

    Keep up the good work! I look forward to giving this plugin another try in the near future.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Fresh-Media

    (@jan-paul-kleemans)

    Hi,

    Thanks for your feedback. I’m sorry that the plugin does not work on your website.

    Could you send me a copy of a correct and a corrupt version of your .htaccess file, so I can see where it goes wrong?

    Thanks.

    JP

    Hi Fresh-Media:
    I obviously cannot say what aapc experienced, but perhaps this could be related info:
    I’ve used another popular security plugin that used a method of automatically editing the htaccess file. When a dubious access attempt was registered, the attacking IP was immediately written to a blacklist in the htaccess file. The problem with this approach was that it often took place while the server was under the most pressure. And eventually the server would fail to finish writing due to lack of resources, which resulted in a corrupted htaccess file (as described by aapc). This is impossible to replicate for a regular user like me, so it’s still only a theory, but I’ve correlated the general server stats with the time of the file modification, so I think it’s the most likely explanation for this.
    I’m no expert in htaccess, but I think one should avoid direct manipulation if possible. Or perhaps do the manipulation in a more thorough way (write to a temp file first, ensure integrity of the new file, and then swap the file by simply renaming/overwriting)? Just some thoughts.
    PS: Now I’m ranting anyway: How about a button in the GUI that said “Whitelist my current IP-number (xxx.xxx.xx.xx)”? That would be user friendly.
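
The temp-file-then-rename approach suggested in the reply above, as an added PHP example that is not part of the thread and not the plugin's own code. The function name, marker comments, lock-file name and the `Deny from` rule syntax are assumptions made for illustration.

```php
<?php
// Added example: function name, markers and lock-file name are hypothetical.
const BL_BEGIN = '# BEGIN example-blocklist';
const BL_END   = '# END example-blocklist';

function update_blocklist(string $htaccess, array $ips): bool
{
    // Serialise writers: many failed logins can arrive at the same moment.
    $lock = fopen($htaccess . '.lock', 'c');
    if ($lock === false || !flock($lock, LOCK_EX)) {
        return false;
    }
    try {
        $old = file_get_contents($htaccess);
        if ($old === false) {
            return false;               // never rebuild from an unreadable file
        }
        // Only validated addresses reach the file, so nothing else can be injected.
        $ips   = array_unique(array_filter($ips, fn($ip) => filter_var($ip, FILTER_VALIDATE_IP) !== false));
        $rules = array_map(fn($ip) => "Deny from $ip", $ips);   // mod_access_compat syntax (assumption)
        $block = implode("\n", array_merge([BL_BEGIN], $rules, [BL_END])) . "\n";
        // Drop the previous managed block, keep every other line untouched.
        $pattern = '/^' . preg_quote(BL_BEGIN, '/') . '\R.*?^' . preg_quote(BL_END, '/') . '\R?/ms';
        $rest    = preg_replace($pattern, '', $old);
        if ($rest === null) {
            return false;
        }
        $new = $block . $rest;
        // Temp file in the same directory, so rename() stays on one filesystem.
        $tmp = tempnam(dirname($htaccess), '.htaccess-tmp');
        if ($tmp === false) {
            return false;
        }
        // Integrity check: full length written and read-back identical, then swap.
        $ok = file_put_contents($tmp, $new) === strlen($new)
            && file_get_contents($tmp) === $new
            && chmod($tmp, fileperms($htaccess) & 0777)
            && rename($tmp, $htaccess);   // atomic replace on POSIX
        if (!$ok) {
            @unlink($tmp);                // the live .htaccess is left as it was
        }
        return $ok;
    } finally {
        flock($lock, LOCK_UN);
        fclose($lock);
    }
}
```

The directory holding .htaccess must be writable by PHP; otherwise `tempnam()` falls back to the system temp directory and the rename is no longer a same-filesystem atomic replace.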

    Plugin Author Fresh-Media

    (@jan-paul-kleemans)

    Hi,

    Thanks for your post! I greatly appreciate you taking the time to help to make the plugin better.

    I think you’re right. I like your idea of writing a temp file first before writing in the htaccess file. I will investigate how to implement this.

    And your idea about the “whitelist current IP”-button is also great! I will put it on the list for the next version.

    Thanks.

    JP

  • The topic ‘Good idea but needs a little work’ is closed to new replies.