• Resolved raha1988ab

    (@raha1988ab)


    Hi
    1-I’m using your plugin more than 3 years and its very nice but I couldn’t config that to hide the information of my user to hackers. even when I disabled the rest api

    site.com/wp-json/wp/v2/users
    /wp-json/wp/v1/users
    /wp-json/wp/v3/users

    In Wordfence free version it is automatically block that code.
    Would you please help to block this code to hiding my information from hackers???

    2-The google recache v3 dos not supported by yours?

    3-Why the Reset settings of all-in-one-wp-security-and-firewall have another plugin and It wasn’t published to wordpress site? I think its better you put that settings into your amazing plugin.

    Thanks.

    • This topic was modified 3 years, 6 months ago by raha1988ab.
Viewing 15 replies - 1 through 15 (of 21 total)
  • Thread Starter raha1988ab

    (@raha1988ab)

    4-I used the Rename Login Page and hacker could find the URL ! and I changed my strategy to Cookie Based Brute Force Prevention but the hacker could find the URL again , How ???

    5-I fixed the Number 1 by installing Disable REST API

    • This reply was modified 3 years, 6 months ago by raha1988ab.
    Thread Starter raha1988ab

    (@raha1988ab)

    Hi
    @mbrsolution

    Would you please help me ?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    4-I used the Rename Login Page and hacker could find the URL ! and I changed my strategy to Cookie Based Brute Force Prevention but the hacker could find the URL again , How ???

    Try the following documentation.

    https://mbrsolution.com/wordpress/aiowps-plugin-pingback-protection-settings.php

    Let me know if the above helps you.

    Thank you.

    Thread Starter raha1988ab

    (@raha1988ab)

    Hi

    1-I’m using your plugin more than 3 years and its very nice but I couldn’t config that to hide the information of my user to hackers. even when I disabled the rest api

    site.com/wp-json/wp/v2/users
    /wp-json/wp/v1/users
    /wp-json/wp/v3/users

    In Wordfence free version it is automatically block that code.
    Would you please help to block this code to hiding my information from hackers???

    2-The google recache v3 dos not supported by yours?

    3-I did what was that document said and Now I get this : XML-RPC server accepts POST requests only.

    A-I removed your plugin
    B-I removed your plugin table with advanced-database-cleaner-pro
    C-I installed again your plugin
    D-I changed the settings but it still show me the XML-RPC
    Now what should I do?

    • This reply was modified 3 years, 6 months ago by raha1988ab.
    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, did you follow my documentation above? If you did and you are still having this issue, what type of server is your site hosted in? Who is your host? Have you been in contact with your host about this issue?

    Regards.

    Thread Starter raha1988ab

    (@raha1988ab)

    Hi
    You were right, it was caused by CyberPanel that I’m using it,
    https://forums.cyberpanel.net/discussion/1399/tutorial-how-to-block-xmlprc-php-in-ols
    With that I could fix that problem but still hackers find my login url and I have no registration form or any subscribers
    No Idea how to fix that…

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, what happens when you type an incorrect login URL. What error message do you receive?

    Also, are you saying people are discovering your secret login URL?

    Thank you.

    Thread Starter raha1988ab

    (@raha1988ab)

    Hi
    I don’t know why I’m not receiving email of logs, changes, backup of database, attacks …
    I changed the url to Cooke based and this is it:
    https://mysite/?ZIPpar99khulujackSK57YPErop8FRUITY86EP=1
    But I see in our logs that belongs to last night and there were some users try to login the site…

    Hi, what happens when you type an incorrect login URL. What error message do you receive?

    Now I set the failed login to redirect 127.0.0.1

    Also, are you saying people are discovering your secret login URL?

    Yesssss!
    My question is how they found our secret login URL?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    My question is how they found our secret login URL?

    I would get in contact with your host. Something in your site or server might be causing this issue.

    Kind regards.

    Thread Starter raha1988ab

    (@raha1988ab)

    Hi
    I have exclusive server and runing the CyberPanel contrpl panel that is free and powerfull.
    If anything I can ask form theme , Please tell me.
    Thanks

    Thread Starter raha1988ab

    (@raha1988ab)

    Today I tried to add some widget in my sidebar and The litespeed show me the error, After disabling your plugin, the problem was gone.
    Do you want I give you an access to host that you can test it?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, the plugin developers will investigate further your issue.

    Thank you.

    Thread Starter raha1988ab

    (@raha1988ab)

    Hi and thanks for attention and your support
    The litespeed problem in widget is https://snipboard.io/Tneoj0.jpg
    and will solve when I remove the All In One WP Security & Firewall
    Thanks

    Thread Starter raha1988ab

    (@raha1988ab)

    Hi
    I read all documents in this link
    https://mbrsolution.com/wordpress/all-in-one-wp-security-and-firewall-plugin.php
    But there was problem, the comment was closed, So I ask here

    What is the maximum time for these in plugin settings:
    User Login -> Login Lockdown Configuration -> Login Retry Time Period (min)
    User Login -> Login Lockdown Configuration -> Time Length of Lockout (min)

    in locked IP addresses, I have 3 issue, first there is no option for exporting the logs, and no option to add all of the ip or selected to add in permanent black list, and after many failed login attempt , I saw there was 56 logs of ip address, I put all of them in black list, but I don’t know why after an hour the number of those list was decreasing!

    Would you please help me ?
    Thanks

    • This reply was modified 3 years, 5 months ago by raha1988ab.
    Plugin Support vupdraft

    (@vupdraft)

    Hi,

    Login Retry – 5 Minutes
    Time length of lockout- 60 Minutes

    Regarding the locked IP addresses, you can block them by adding them to the Blacklist Manager. The reason for the decreasing is probably because they have met the Time length of Lockout criteria (maximum 60 minutes), after which the logins are no longer blocked.

Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘How block REST API Handbook’ is closed to new replies.