Sceptical Wordfence Claims
-
I too liked Wordfence but I have to admit I have become very sceptical of Wordfence claims.
The best example I can offer is a web site where we have modified two very important security elements.
1. We have blocked access by IP address to the login page. No-one except my IP can even see the admin login page. Now I can hear everyone
saying that there are ways around this, which brings me to #2.
2. Using a clever plugin, I have changed the page name (file name) of the login page. Even if a user bypassed the IP security, they have no idea
where the login page is (/login-xyz-456).
So then, what has WordFence blocked when it sends me this email..
This email was sent from your website “XYZ” by the Wordfence plugin at Saturday 10th of October 2015 at 08:20:09 AM
The Wordfence administrative URL for this site is: http://www.xyz.com.au/wp-admin/admin.php?page=WordfenceA user with IP address 181.160.215.189 has been locked out from the signing in or using the password recovery form for the following reason: Used
an invalid username ‘admin’ to try to sign in.
User IP: 181.160.215.189
User hostname: 181-160-215-189.baf.movistar.cl
User location: Concon, ChileNot one blocked email either, hundreds. So what does it think its blocking?
- The topic ‘Sceptical Wordfence Claims’ is closed to new replies.