WordPress.org

Support

Support » Plugins and Hacks » [Resolved] [Plugin: Login Security Solution] wordpress Security using login security solution

[Resolved] [Plugin: Login Security Solution] wordpress Security using login security solution

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Daniel Convissor

    @convissor

    Are those the exact user names and quantities in the emails, or have you altered them?

    Are you behind a proxy, load balancer, etc that presents WP with a given (set) of IP addresse(s) in REMOTE_ADDR instead of WP receiving each user’s actual IP address?

    I couldn’t see your settings because mediafire is requires JavaScript. You’ll probably want to increase the “Failure Notification” number so you don’t get soooo many emails.

    Nope, I haven’t altered anything.
    today’s mail
    inside those emails
    my settings

    Are you behind a proxy, load balancer, etc that presents WP with a given (set) of IP addresse(s) in REMOTE_ADDR instead of WP receiving each user’s actual IP address?

    I don’t understand fully the terms but F.Y.I. i have rented a shared server for testing plugins and themes for the site before it finally rolls out.
    And the registration & members are mostly spams, I allowed that because I wanted to know how much resources n management would it need and also learn about scalibilty issues ..etc
    Do you think this is because of shared host & IP. And security would eventually get better when I start with dedicated servers and IPs ?

    Plugin Author Daniel Convissor

    @convissor

    Hi Roxor:

    Wait a second. You’re letting random people (and robots) sign up for accounts on your site? In all seriousness, you are compromising the security of everyone on the Internet.

    Please read the “Securing Your WordPress Site is Important” section from the Description page of my plugin at http://wordpress.org/extend/plugins/login-security-solution/.

    Blow away your existing WordPress installation. Now.

    I’d guess your domain name’s reputation is shot, plus miscreants will continue to try to use any WP install you put up on it. Seems like you need a new domain.

    Good luck,

    –Dan

    I am NOT using the actual domain what I have planned and saved to use for my project. Its just a cheap test domain.
    And i have chosen it wisely as i knew this would effect the quality of the domain in long term, So i picked up a name (wrongly spelled) which probably no-one would ever use.
    Well i didn’t realize that i am compromising everyone’s security on the Internet this way. Thanks for the information Daniel. I will refresh my wordpress installation right away.

    Plugin Author Daniel Convissor

    @convissor

    Roxor:

    Thanks for being reasonable. Glad you were thinking ahead with the domain name. I suggest disabling the ability of the general public to create accounts.

    There are many tools out there for benchmarking websites to determine what you’ll need in the way of resources. One example is ab (Apache Benchmark). There’s no need to open your site up for public logins.

    For the remainder of your testing, you may want to set up some .htaccess or server level rules to only permit access to the site from the IP addresses you (and your associates) are coming in from. Example:

    Order deny,allow
    Deny from all
    Allow from 81.83.1.8

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Resolved] [Plugin: Login Security Solution] wordpress Security using login security solution’ is closed to new replies.