• Hi men!
    Yes, more security for the next Update.

    For example: Block malicious Bots opts.

    But I need you to check this, please:
    https://www.wpdoctor.es
    Try with this site:
    https://techcrunch.com/ (Wp-Doctor score: 69 / 100)

    Or this: https://stylenews.peoplestylewatch.com/ (Wp Doctor score: 53 / 100)

    For example: User-agents blocked (WAF)
    I’m using AIO WP Security, and I have the firewall active, but this rule appears in red. Why?
    Because Wp Doctor does not detect the AIO firewall. So, please…

    Remember the solution for full path disclosure in the other post. And two-factor authentication (all of this compatible with BuddyPress and bbPress).
    Other: Information leak: solution for readme.html and the Content-Security-Policy header

    Option: Hide My WP. Description: If you activate this option, your WP site cannot be detected by, for example, Wp Doctor, What WordPress Theme Is That? or whatever… you know.


    SOLUTIONS:

    
    # Note: the order/deny/satisfy lines below are Apache 2.2 access syntax.
    # On Apache 2.4 they need mod_access_compat; the 2.4 form is "Require all denied".

    # Disable Index Directories
    # ("Options All -Indexes" mixes signed and unsigned options, which Apache 2.4 rejects)
    Options -Indexes
    
    # Protect htaccess
    <Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
    </Files>
    
    # Disable Server Signature
    ServerSignature Off
    
    # Deny access to the install file
    <Files install.php>
    order allow,deny
    deny from all
    </Files>
    
    # Stop Spam
    # Comment POSTs with a foreign Referer or an empty User-Agent are redirected
    # back to the client's own address.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} /wp-comments-post\.php
    RewriteCond %{HTTP_REFERER} !.*YOUR-WEB-SITE\.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) https://%{REMOTE_ADDR}/ [R=301,L]
    
    # Protect wp-config
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
    
    # Protect WP-Includes
    # Block the include-only files.
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    
    # Block HTTP TRACE and TRACK
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    
    # Protect Headers (requires mod_headers)
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options nosniff
    Header always append X-Frame-Options SAMEORIGIN
    
    # Disable Hotlinking
    # Image requests whose Referer is neither empty, this site, nor Google get 403.
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YOUR-WEB-SITE\.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
    
    # SQL Injections
    # These conditions match <script> tags and GLOBALS/_REQUEST parameters in the query string.
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]
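
One way to check from the outside that the rules posted above took effect, and to see the items the post says a scanner still flags (readme.html, Content-Security-Policy). This is an added example, not part of the original post or of any plugin; the `audit` function, the paths and the sample responses are constructed for illustration.

```python
# Added example: audits captured responses against the rules in the post.
# All paths, sample responses and names below are constructed assumptions.
REQUIRED_HEADERS = {                      # header -> expected value (None = any)
    "x-content-type-options": "nosniff",
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1; mode=block",
    "content-security-policy": None,      # requested in the post, not set by its rules
}
# Paths that should not be served; readme.html is the leak the post asks about.
DENIED_PATHS = ["/wp-config.php", "/.htaccess", "/wp-admin/install.php",
                "/wp-includes/version.php", "/readme.html"]
LISTING_PATH = "/wp-content/uploads/"     # directory without an index file

def audit(responses):
    """responses: {path: (status, headers, body)}. Returns a sorted list of findings."""
    findings = []
    _, headers, _ = responses["/"]
    seen = {k.lower(): v.strip().lower() for k, v in headers.items()}
    for name, expected in REQUIRED_HEADERS.items():
        if name not in seen:
            findings.append(f"missing header: {name}")
        elif expected is not None and seen[name] != expected:
            findings.append(f"unexpected value for {name}: {seen[name]}")
    for path in DENIED_PATHS:
        status, _, body = responses.get(path, (404, {}, ""))
        if status == 200:
            findings.append(f"served: {path}")
        if "<address>apache" in body.lower():   # footer added when ServerSignature is On
            findings.append(f"server signature on error page: {path}")
    status, _, body = responses.get(LISTING_PATH, (404, {}, ""))
    if status == 200 and "index of /" in body.lower():
        findings.append(f"directory listing: {LISTING_PATH}")
    return sorted(findings)

# Constructed responses from a site that applied only part of the posted rules.
SAMPLE = {
    "/": (200, {"X-Content-Type-Options": "nosniff",
                "X-Frame-Options": "SAMEORIGIN"}, "<html></html>"),
    "/wp-config.php": (403, {}, "<h1>Forbidden</h1>"
                       "<address>Apache/2.4 Server at example.test Port 443</address>"),
    "/.htaccess": (403, {}, "<h1>Forbidden</h1>"),
    "/wp-admin/install.php": (403, {}, "<h1>Forbidden</h1>"),
    "/wp-includes/version.php": (403, {}, "<h1>Forbidden</h1>"),
    "/readme.html": (200, {}, "<h1>WordPress</h1>"),
    "/wp-content/uploads/": (200, {}, "<title>Index of /wp-content/uploads</title>"),
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To use it on a real site, fill the dictionary from responses you fetched from your own server instead of `SAMPLE`.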
    
    
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, thank you for your suggestions. The plugin developers will review your request further.

    Kind regards

    Thread Starter livingflame

    (@livingflame)

    Hi @mbrsolution

    I know that you have a lot of work, but, please, if you can, add:

    – History of visits by IP (with flag). Yes, Wordfence has this, but WF and AIOWSF together do not work well.
    Yes, because your plugin has Login Records, it's okay, but it does not have a history of visits.
    – Better file scanner
    – Malware scanner connected to Sucuri, for example
    – More DDoS protection
    – Better firewall
    – Google reCaptcha
    – More security for BuddyPress and bbPress (please, remember the problem with AIO captcha and bp login).

    • This reply was modified 7 years, 10 months ago by livingflame.
  • The topic ‘More Security’ is closed to new replies.