Česlav Przywara
Forum Replies Created
-
Hi Mike,
I’m not sure, but I can think of two possible reasons:
- If your site is a subdirectory install, black listing will only protect the back-end – this is a known issue.
- If you have any other rules in your .htaccess file before the blacklisting rules you pasted here, they might prevent the blacklisting rules from being executed.
Cheers,
ČeslavHi Joshua,
There’s no easy way to do it, but it can be done by removing an action that inserts JavaScript snippet that implements copy protection (note:
$aio_wp_securityis a variable in global scope):remove_action('wp_footer', array($aio_wp_security, 'aiowps_footer_content'));You have to run it after
initaction with priority 0, so for example ininitaction with priority above 0 or inwp_loaded(not inafter_setup_theme):function disable_copy_protection() { global $aio_wp_security; remove_action('wp_footer', array($aio_wp_security, 'aiowps_footer_content')); } add_action('wp_loaded', 'disable_copy_protection');Of course, you want to run the this code conditionally, ie. only on your login page. Since I don’t know what’s your login page like, I cannot give you any specific advice here.
Cheers,
Česlav- This reply was modified 9 years, 5 months ago by Česlav Przywara. Reason: typo: global, not globals
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] LockoutAnd do you know which plugin exactly it is (that is conflicting with AIOWPSF)?
Yes and no. Yes, because it will solve the reported problem. No, because it’s still not 100% correct. You want something like this:
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.tld [NC]Hi @nikanadv,
I’ve never heard about WordPress “test cookie”. Are you sure this “test” user logins aren’t caused by another plugin (or service) you have active on your sites?
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] LockoutHi @weblady1,
AIOWPS […] is apparently conflicting with another updated plug-in on just one domain.
Is this a plugin from plugins directory? If so, let us know and we’ll check, if anything can be done to avoid the conflict.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Hotlinking issueHi Alex,
I’m glad I could help. I’m going to mark this thread as resolved, but feel free to reopen it, if you experience any further problems because of the plugin.
Cheers,
ČeslavHi,
Check this post.
Btw. could you let us know more about your problem? “I’m unable to log into the back end” – how do you know it’s because of AIOWPSF? I’m curious, because I’m running this plugin on PHP7 without any problems so far, but I might have a different setup.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] New REST APIHi,
No, AIOWPSF does not offer this feature yet. I might check how Wordfence does it and reimplement it, I would like to see this feature in AIOWPSF as well.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] BASE 64 CODE?Hi,
Yes, it is supposed to be there, there are legitimate ways to use this function (besides obfuscating malicious code):
- https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/classes/wp-security-user-registration.php#L70
- https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/classes/wp-security-user-registration.php#L101
- https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/classes/wp-security-captcha.php#L86
- https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/classes/wp-security-general-init-tasks.php#L389
- https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/classes/wp-security-general-init-tasks.php#L438
Cheers,
Česlav@mbrsolution – these rules are added to .htaccess when image hotlinking feature is activated.
@gavinswordpress3 – I’ll submit a patch for the function that creates the domain regex. Thanks for reporting this!
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Hotlinking issueHi Alex,
The anti-hotlinking firewall rule triggers when the HTTP(S) request comes with non-empty referrer that doesn’t match the domain of the website. We employ almost verbatim copy of the first example here: https://httpd.apache.org/docs/2.4/rewrite/access.html#blocked-inline-images
Perhaps the problem could be solved on your side by manipulating the referrer that your optimization API sends: either by removing it completely from request or setting it to root URL of the currently accessed website? I don’t know, if such solution has any “moral” implications for you, but I don’t see anything wrong in it – after all you are acting on behalf of your users (owners of the website).
Cheers,
Česlav- This reply was modified 9 years, 5 months ago by Česlav Przywara.
Forum: Plugins
In reply to: [Simple Download Monitor] Create a password that is not case sensitive@mbrsolution, I don’t know if such feature is considered generally useful – maybe someone from plugin authors (@mra13) could comment on this?
- This reply was modified 9 years, 5 months ago by Česlav Przywara. Reason: grammar
Forum: Plugins
In reply to: [Simple Download Monitor] Create a password that is not case sensitiveYou have probably omitted one opening or closing parenthesis. The whole line should read:
if (strtolower($post_pass) != strtolower($pass_val)) {Hi @wpmot,
You probably had “Display Generic Error Message” feature enabled (under User Login > Login Lockdown tab). Disable it and you should be fine.
Cheers,
Česlav