http not protected when running https

  • Resolved tedinoz

    (@tedinoz)


    11 years, 1 month ago

    I’m running on shared hosting with an SSL, WordFence and the Codex hardening precautions.

    I had a brute force attack on my login page this week; 90,000 hits from 3 IP addresses in 18 hours, and all directed at my http address. However WordFence didn’t respond – it seems to me that all my defences (including WordFence) are focused at the https side.

    What am I missing here? Have I failed to properly configure the SSL or Wordfence?

    FWIW, after I installed the SSL, WordFence refused to work until I added this to functions.php
    add_filter( ‘https_local_ssl_verify’, ‘__return_false’ );

    Ted

    https://wordpress.org/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • WFBrian

    (@wfbrian)

    11 years ago

    Hi Ted,

    I’m running Wordfence on a http only site and it detects issues. There shouldn’t be any difference between http and https as far as Wordfence is concerned.

    -Brian

    Thread Starter tedinoz

    (@tedinoz)

    11 years ago

    The more I think about this, the more likely it is that my problem is server/configuration oriented. I don’t think it is a WordFence issue.

    Our SSL is pretty new and I’m struggling to understand why the attacks would appear on the cPanel “http” raw access logs, but NOT on the cPanel “SSL” raw access logs.

    In essence, the hits from the attack didn’t get referred to the https address. I think this is why WordFence didn’t deal with them.

    Ted

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘http not protected when running https’ is closed to new replies.

Tags

  • 2 replies
  • 2 participants
  • Last reply from: tedinoz
  • Last activity: 11 years ago
  • Status: resolved