Česlav Przywara
Forum Replies Created
-
Hi,
The “tag=” rule has not been introduced recently, actually the opposite: it has been removed from Bad Query Strings ruleset in version 4.0.7 (see the changelog). If you run recent version of the plugin and resave your firewall rules, you should not have this rule in your
.htaccess.Cheers,
ČeslavHi,
Most likely there is some term or token in URL of the request to the API that triggers one of 6G patterns. If you can provide the exact URL that gets blocked, we can have a look on it.
Alternatively, you can reach to Jeff Star (author of 6G) directly.
As for the turning on/off portions of 6G: It could be implemented, but my guess is that most of plugin users would have no idea what is the difference between particular portions. I’m not sure the added complexity to the interface is worth it.
Side note: if you miss search feature on support forum posts, you should add your voice here.
Greets,
ČeslavHi,
Simple answer is no, the features you describe are not available in the plugin the way you want it:
- It makes no sense to lock the account – if bots discover your login page and can guess your username, you’ll end up with your account being locked in seconds. Do you really want to reset your password every time you want to log in?
- Similar as above, if bots discover your login page, you can get hundreds of notifications per hour.
What the plugin offers:
- You can block an IP address after given max login attempts – this is much practical approach, because it stops the attacker without making it harder to log in for you.
- You can get notified when an IP address is blocked due to max login attempts. This can also lead to hundreds of emails, if a large botnet is involved in brute-force attack on your site, but this is not the case that often.
Regarding “Brute Force Protection” – please, read the plugin description, there’s a section on it 😉 Short answer is yes, but not only.
Cheers,
ČeslavForum: Plugins
In reply to: [Entry Views] Feature RequestHi josan420,
The plugin stores the views count as post custom field, so you can edit the value there.
Greets,
ČeslavHi,
I’m glad I could help, but bear in mind that this is support forum for AIOWPSF plugin. If you need help dealing with spammers, you have to look elsewhere, your problem is completely unrelated to AIOWPSF.
Hi,
You’re not receiving email from your site, unless you host it in Vietnam (see the whois info for the IP below):
Received: from dynamic.vdc.vn (unknown [113.162.238.203])
If you wonder how it’s possible that someone sends emails that look like they have been sent from your email address, there’s a good article on it on Lifehacker.
Cheers,
ČeslavForum: Plugins
In reply to: [Compliance by Hu-manity.co] Disable G.Analytics functionHi Cerise,
Depends on how you activate Google Analytics? You should place the activation within the
ifblock you mention:if ( function_exists('cn_cookies_accepted') && cn_cookies_accepted() ) { // Code to activate GA }If you use a plugin or a theme to insert GA code, then you need to find out how to disable the activation conditionally. Either check plugin/theme code out or ask plugin/theme developer for help.
Cheers,
ČeslavForum: Plugins
In reply to: [Compliance by Hu-manity.co] Block/Remove on certain pagesHi,
You can use the
cn_cookie_notice_outputfilter to suppress the notice:add_filter('cn_cookie_notice_output', '__return_empty_string');If the page you want the notice to not be displayed has a custom template, place the code in page template php file. Otherwise you have to use is_page or some other means to determine when to apply the filter.
Greets,
ČeslavForum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Custom Error MessagesFrom 4.1.0, the
aiowps_ip_blocked_error_msgfilter is available. Marking as resolved.Hi apkajanu,
Just use it as any other filter:
function my_custom_message($error_msg) { return 'My custom error message!'; } add_filter('aiowps_ip_blocked_error_msg', 'my_custom_message');Most often you want to place this snippet in your theme’s
functions.phpfile.Cheers,
ČeslavHi apkajanu,
I’m sorry, but I cannot reproduce this issue on my tablet.
Any chance that your tablet users are all coming from a single IP address? This way, if one of them triggers lock out, all of them are blocked, because lock out is tied to an IP address.
If this is not the case, then I’m out of ideas what could be source of the problem :/
Greets,
ČeslavI still believe it’s a permission problem, given the errors you get. Anyway, to investigate it, we need more information about your setup.
Do you have any other plugin installed on all 3 websites? Any other security plugin perhaps?
Could you try to set directory permissions to
775for your whole WordPress folder (including the root folder)? Please, set the permissions recursively, ie. for subdirectories as well, and check if you can install plugins then.Can you upload media files?
Hi pandorina,
Unable to create directory.
This indicates file permissions issue. Unfortunately, without more information about your webhost setup (is it shared/dedicated webhosting, how PHP is run etc.), it’s hard to give you a 100% advice. There’s a long article about file permissions for WordPress, you might want to check it out. Your webhoster should be able to let you know what is the correct file permissions scheme for WordPress in your case.
If you don’t want to wait for reply from your webhoster, you could try to set file permissions of
wp-contentdirectory to775– you might want to apply the change to subdirectories as well, at least the immediate ones (likepluginsandthemes). You can use your FTP client for that (I can recommend FileZilla, it can change file permissions only for directories or files and apply changes recursively).Cheers,
ČeslavHi pandorina,
Are all three websites hosted on the same webhost? Are your other websites hosted at the same webhost as well?
If you get asked for FTP credentials only after you install AIOWPSF plugin (but not before), then some of the changes done by the plugin to file system must have corrupted it in a way that WordPress thinks that it cannot write new files or update existing ones as a webserver user and asks for FTP credentials instead.
The only one feature that could result in such corruption is change of file permissions under
Filesystem Security > File Permissions. But as far as I know, the file permission changes are not reverted on plugin uninstall, so it’s unlikely that this feature caused your issues. More likely your webhost setup is root of this issue, as @wpsolutions suggested above.Anyway, if you can install plugins without being asked for FTP credentials and you would still like to use AIOWPSF, forcing WordPress to directly write files should help. Try to add this snippet to your
wp_config.php:define('FS_METHOD', 'direct');Cheers,
ČeslavHi emadfathy,
The “Disable File Editing” option is not saved in database, but in
wp-config.phpfile. If you cannot change this option via plugin interface, you can edit the file yourself – you only need to remove the following line (or replacetruewithfalse):define('DISALLOW_FILE_EDIT', true);Cheers,
Česlav