Support » Plugin: Wordfence Security - Firewall & Malware Scan » Request two features

  • Resolved whateverfree2

    (@whateverfree2)


    Hi
    Thank you for the great plugin.I used Wordfence on all my websites

    Today, I send this post to request two features, I think they’re good and bring Wordfence to the next level.

    Feature 1: Has the option to block/disable create Administrator account
    Some malicious code can auto add an Admin account into the Wp website, so this option will helps stop them.

    Feature 2: Has the option to set a password for Wordfence itself, so we need to enter the password to access Wordfence option as well as disable Wordfence.

    Feature 3: Has the option to block upload php code.

    I hope you like my feature idea
    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • wfdave

    (@wfdave)

    Hi @whateverfree2,

    I like these features, but they are not possible, and I can explain in further details.

    1. Blocking creating Admin accounts:

    A lot of malicious plugins directly access the database to create new admin users. This cannot be prevented without blocking the database access to all your other plugins.

    2. Password for Wordfence

    Possible, but it’s possible to disable Wordfence within FTP as well (which can’t be prevented).

    3. Block upload PHP code

    This already exists, called Disable Code Execution for Uploads directory within Wordfence -> All Options.

    Dave

    whateverfree2

    (@whateverfree2)

    @wfdave thank you for quick reply.

    1. Blocking creating Admin account
    I am not sure about that but the plugin Shield Security does very good in blocking create new admin account. I request it in Wordfence so don’t need install many security plugins per website.

    2. Password for Wordfence
    In this case, we protect WordPress option from web access if some one can hack via web, not sure about that.

    3. Block upload PHP code.
    If some one can exploit a plugin or theme they can upload the shell script to control all the websites, block upload php or execute file will stop them.
    They can upload to the folder outside of uploads directory so in this case Wordfence didn’t protect the site/stop the upload.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.