Česlav Przywara
Forum Replies Created
-
Hi,
If you activate “Prevent Hotlinks” feature under Firewall menu, your media files should be protected from direct access.
Greets,
ČeslavHi @wpsolutions,
I’d suggest to show an admin notice informing about 5G being phased out soon to any user who has 5G active. This way also users that don’t read changelogs will become aware.
The note could link to a (sticky) support thread that would briefly explain the decision behind the change and encourage the switch to 6G or provide copy-paste ready 5G snippet for Custom Rules for those who would like to keep 5G.
Then some future version of the plugin could remove 5G feature completely.
Yes, SSL certificate is unrelated to what AIOWPSF offers (and any other security plugin for that matter).
By having SSL enabled on a site, you ensure that communication between your webserver and its visitors is encrypted and no one can eavesdrop on it. But SSL is not only crucial to privacy, it also improves security: your admin password is no longer sent as plain text when you log in to your WordPress back-end etc.
@simonezazu, good catch, I completely forgot about 5G.
I’d be in favor of removing 5G from the plugin instead of patching it for new Apache. 5G is an out-dated and problematic ruleset these days, but I let @wpsolutions have final word on this.
Thanks for testing!
Hi,
send_unlock_request_email .. both subject and body .. is there a way to do that without touching the plugin files?
Have a look on
send_unlock_request_email()method inAIOWPSecurity_User_Loginclass (still the same file). Your only chance is to provide alternative plugin translation strings (ie. load your own translation file for the plugin with those strings adapted).I would like to have the “submit email for unlocking request” form on a page of my own (like mydomain.com/unlock_request/ , not the wp login url …
is there a function that outputs that form, similar to what AIOWPSecurity_User_Login::insert_unlock_request_form() does for the button?The form is rendered by other-includes/wp-security-unlock-request.php file, so you can try to include it. Note that this file renders entire HTML page, so you have to include it before WP sends any output. This is how it’s done in the plugin (see classes/wp-security-general-init-tasks.php file):
//For user unlock request feature if(isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])){ nocache_headers(); remove_action('wp_head','head_addons',7); include_once(AIO_WP_SECURITY_PATH.'/other-includes/wp-security-unlock-request.php'); exit(); }Alternatively, you may try to code your alternative to this file (as a shortcode or whatever works for you) and just make sure to call the necessary static methods of the plugin. This should work too.
Greets,
ČeslavHi Tim,
That info you got from your tech support is a bit inconsistent with what the official Apache documentation says on these directives:
[…] the order in which lines appear in the configuration files is not significant — all Allow lines are processed as one group, all Deny lines are considered as another […]
Nevertheless, let us know, if this change helped in your case.
Greetings,
ČeslavForum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] New user login problemHi,
It sounds to me like you have enabled manual approval of new registrations (see User Registration > Manual Approval). Note that you have to approve registrations done from back-end as well.
Cheers,
ČeslavHi @shawndk,
I think the problem you had has been fixed in version 4.0.7 of the plugin (see also this support thread).
Kind regards,
ČeslavHi,
Check the classes/wp-security-user-login.php file.
There’s a
AIOWPSecurity_User_Login::insert_unlock_request_form()method that will produce a “Request Unlock” button. One problem with this method is that it is not static (it safely could be though), so will you needAIOWPSecurity_User_Logininstance to be able to hook it.I don’t know Profile Builder Pro, so I’m not sure what’s the proper place to hook it. In the AIOWPSF plugin, it is hooked twice (see
AIOWPSecurity_User_Login::aiowp_auth_login()method in the same file):add_action('login_form', array(&$this, 'insert_unlock_request_form')); add_action('woocommerce_login_form', array(&$this, 'insert_unlock_request_form'));Hope this helps,
Česlav@simonezazu, that’s a good point. I only used old directives in .htaccess on my local Apache 2.4 server, so I had no troubles with mod_access_compat.
Btw. you might be interested in checking out AIOWPSF master branch on Github. All firewall rules that used old directives now also support the new ones. Also Blacklist Manager feature now works under Apache 2.3+. The only feature that still needs to be adapted for newer Apache is Login Whitelist, but we’re working on that.
Would be perfect, if you could give it a try and report back!
Hi,
Try turning off 5G firewall. Btw. you should be using 6G only, unless you have specific reasons to use 5G.
Cheers,
ČeslavI’m sorry, but I don’t know Adminize. Maybe try to contact its author?
Anyway, I’m marking the thread as resolved.
Hi,
Go to “Filesystem Security” > “PHP File Editing” and turn off the “Disable Ability To Edit PHP Files” feature. If it doesn’t help, probably some other plugin you have installed is causing your trouble.
Cheers,
ČeslavHi,
If the membership plugin works with 6G enabled, just disable 5G and you are fine. 5G is already quite outdated these days.
Cheers,
ČeslavForum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Break RSS feedThis is strange, I’m not aware of any feature of the plugin that could cause something like this.
Can you turn off all the other plugins and switch to a default theme temporarily to check, whether the issue is really caused by AIOWPSF itself? It looks more like a plugin/theme conflict to me.