• Resolved Nick

    (@hellosite)


    Hello

    Is it possible to show the custom message when someone in blocked to sign in ?

    It show Wordfence logo with default message

    Thanks

    Best Regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @hellosite, thanks for getting in touch!

    The “Custom text shown on block pages” option on Wordfence > All Options > Brute Force Protection > Additional Options is designed to add some explainer text to your site visitors on the Wordfence-branded 503 error pages that are shown to people locked out from your site entirely after violating the rules you have set there.

    It cannot currently be white-labeled or restyled without being overwritten at the next plugin update, but we have had requests for adding this functionality in the past and have noted it for possible future development.

    Thanks,

    Peter.

    Thread Starter Nick

    (@hellosite)

    Hello @wfpeter

    Thank you for your reply

    As this page see only the users after violating the rules and also a possible hacker then by showing Wordfence logo, you give the important informations.

    1. That this is a WordPress website

    I use the plugins to hide all wordpress plugins and urls but with this message everyone understand that this is a WordPress website.

    2. Firewall

    You also show to hackers that I use Wordfence firewall. This is also important information and as we know the Wordfence has vulnerability in 7.6.1 and 7.6.2 versions then why give this information to hackers ?

    3 White-label

    I understand you need to promote your plugin but by showing the Wordfence logo to hackers or when they are blocking will not help to promote your plugin. They are not the audience that you need to show.

    If you disable any information that can show that the website use Wordfence firewall to any users that will improve the security of the websites.

    Thank you for your awesome plugin and for your support ??

    Best regards

    Plugin Support wfpeter

    (@wfpeter)

    Hi @hellosite, I’m really pleased you’re enjoying Wordfence.

    I absolutely under the circumstances don’t want to cause disagreement but I do want to state our general stance on “security through obscurity”, similar to hiding WordPress login pages, or adding obscure database table prefixes is that knowing Wordfence or indeed WordPress is installed on a site is not a security issue in itself.

    Attackers rarely pre-check for the presence of specific vulnerable plugins or WordPress versions as this takes additional time so will often act in a “hit and hope” manner. If somebody is checking a site, the publicly visible page source or commonly known paths for an open source product such as WordPress would allow them to discover this fairly quickly.

    Provided you have 2FA and reCAPTCHA enabled for your administrative accounts – as also recommended by WordPress themselves when stating exposure of usernames isn’t a security risk – and complex passwords set for your cPanel/FTP/database/host etc. then Wordfence will look after your WordPress installation using its extensive database of vulnerabilities, IPs and signatures to detect exploitable plugins, known current “bad” IPs, and malicious files.

    Regardless of this, I have made our team aware of your thoughts and every suggestion put forward by our customers is always internally considered.

    Thanks,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Custom message’ is closed to new replies.