Support » Plugin: All In One WP Security & Firewall » it's ok but it's not all in one

  • Pretty good plugin. Just needs some improvement I really wish these security plugin authors would look at other security plugins and add features from them… I’ve had to double install security plugins for the last 5 years. Why not just give us one “ALL IN ONE SECURITY” plugin we can use??? huh

    Missing some things that other plugins do like removing Author pages (These show your actual login name despite what you set in user profile and try to hide, this plugin asks you to set a different name though… pointless feature)

    So lets say you install WordPress with username “BobGeldof” then go to profile and set your alias to be “Bobby” or “Admin”, posts written by you will have the tag authored by “Admin”. However mousing over the “Admin” link you can see author page is “yoursite/BobGeldof/” which is a pretty big security issue. It’s much better to actually hide your login name by removing author pages.

    There were some other things I noticed like the RSD and WLW and shortlinks and feed links in header which are all totally useless. WordPress versioning, etcetera etcetera. A few other issues I can’t recall off the top of my head that need implementing.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Most likely due to the time consuming nature of coding. ie I have a plugin (no names) that will be finished in about another year. 3+ years of coding work so far and another year to go to add everything on my original list. The other factor is supporting the plugin. ie the more things you add the more your support time increases. If you are spending the majority of your time supporting a plugin then that decreases the amount of time you can spend creating new things. It’s a juggling game. 😉

    Oh yeah for sure I understand that. Why not call it T&T Security though? (pun not intended – tips and tricks)

    What I mean to say is on the security side of things it doesn’t include as much as IThemes and/or your wonderful Bullet proof, and on the firewall/live traffic side doesn’t include as much as Wordfence.

    So I guess it’s the naming that irks me the most. That and the author issue. I know the header stuff can be implemented pretty easily.

    For the last few years I’ve had to install iThemes(formerly “Better WP security) change things like database tables that some auto wp install cpanel software don’t allow you to modify. Enable all the changes but don’t allow iThemes to write to .htaccess. Copy the code for .htaccess – Install Bulletproof
    – Paste iThemes .htaccess code into BPS custom code
    – Copy paste all the forum code snippets like author bot enumeration from BPS forums into custom code
    – Install BPS .htaccess files.

    On top of that I also run Spyder Spanker on some sites which allows me to setup my bot block lists and watch live traffic to block new bots.

    +Create black holes of doom for bots who ignore robots.txt and nofollow rules. And add hidden honeypots on all forms.

    Then when it comes to creating content or site design I feel like giving up at that point 😀 so much work.

    The other thing both iThemes, ALL-in-One and others need is custom code. That is the lifesaver and one of the main reasons I run BPS.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi @gcampton I agree with you in regards to adding more features and improving this plugin. If you view the changelog from the beginning up to now this plugin has come a long way and has added many new and great security features which many praise including myself 🙂

    In the ideal world it would be great to implement all features from all the great security plugins found here in wordpress.org. However as all developers would probably agree with me on this is that would be extremely challenging to implement or impossible.

    Each security plugin does a great job in the way the developer or developers have designed their plugin. At the same time it gives all users a sense of security and it provides a choice in how they want to secure their website.

    Another factor to consider is themes and other plugins. Some security plugins works better than others with other plugins and themes.

    I also like to thank you for your great and super informative review. It is much appreciated 🙂 Thank you also to @aitpro for his input which makes a lot of sense.

    Kind regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘it's ok but it's not all in one’ is closed to new replies.