WordPRess toolkit security measures

Resolved lordsnake
(@lordsnake)

3 months, 3 weeks ago

When enabling the WordPRess toolkit security measures, this seems to cause problems for Wordfence, and it just keeps saying.
“To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall:”

here are the Security Measures
Block access to sensitive files(can be reverted)
Forbid execution of PHP scripts in the wp-includes directory(can be reverted)
Block access to potentially sensitive files(can be reverted)
Block access to .htaccess and .htpasswd(can be reverted)
Restrict access to files and directories
Configure security keys
Block unauthorized access to xmlrpc.php(can be reverted)
Block directory browsing(can be reverted)
Forbid execution of PHP scripts in the wp-content/uploads directory(can be reverted)
Block unauthorized access to wp-config.php(can be reverted)
Disable scripts concatenation for WordPress admin panel(can be reverted)
Turn off pingbacks(can be reverted)
Disable PHP execution in cache directories(can be reverted)
Disable file editing in WordPress Dashboard(can be reverted)
Change default database table prefix
Enable bot protection(can be reverted)
Block author scans(can be reverted)
Change default administrator’s username`

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support wfpeter
(@wfpeter)

3 months, 2 weeks ago

Hi @lordsnake, thanks for the information.

The notice you’re seeing about optimizing the firewall is likely because a feature of WordPress Toolkit has taken control of the auto_prepend_file directive in your .htaccess/.user.ini file. When this happens, Wordfence reports as only providing basic protection again on the firewall.

Optimizing Wordfence afterwards using the INCLUDE option in the wizard will ensure more than one product requiring auto_prepend_file is able to do so. Wordfence will include the other file so that both can run together.

Naturally, running two security products together could cause your site to slow down if there are any overlapping features running simultaneously, but Wordfence and other products usually allow certain features/modules to be turned off entirely so that you’re able to mix-and-match the combination that most suits you.

Let me know if you see any further issues!

Peter.

Thread Starter lordsnake
(@lordsnake)

3 months, 2 weeks ago

sorry but I don’t see anyhting in your respons ethat actually answeres the question.

WordPRess toolkit is not a WordPRess plugin or security product, it is a module inside cpanel that is used to manage WordPress sites.
So it is impossible for it to run alongside Wordfence or slow the site down.

I’m rather surprised you have never heard of it.
you might want to read up on it first: https://blog.cpanel.com/wp-toolkit-lite-vs-wp-toolkit-deluxe-a-feature-comparison/

Thread Starter lordsnake
(@lordsnake)

3 months, 1 week ago

I hope you read up on wordpress toolkit and understand what it is now.

since I didn’t get any response form you, I solved the issue myself.

It was this setting causing the problem for your reference.
“Disable scripts concatenation for WordPress admin panel”

Plugin Support wfpeter
(@wfpeter)

2 months, 3 weeks ago

Hi @lordsnake, my apologies for the misunderstanding and thank-you for the update highlighting your solution. My test environments are fewer than those of the development and QA teams who check plugin compatibility, and I had not yet consulted with them before my initial response to your issue.

I’ll modify my records to look out for the “Disable scripts concatenation for WordPress admin panel” option should it be enabled on sites experiencing similar issues in future.

Peter.

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Views