• Resolved rtpHarry

    (@rtpharry)


    Just read the post about you moving to “security” over “ssl”.

    The journey to here article was interesting but left me with questions.

You mention using network level hardening should be providing the WAF. And that the current plugins have confusing features.

    I agree, but I don’t see a route forward. It’s not something I want to mess around with, and create a security deficit on the sites I manage.

    I do, however, like your plugins, and I like the way that you structure them and you have been responsive on github issues I’ve raised, so I’m interested in the plugin as the security solution.

    At the moment I have two problems:

• Not sure about network level protection. If sites are in reseller accounts, or I don't know exactly, but I don't think this is something that I can just control? So if not I guess the security aspects of this plugin are not for me, as they are not going to provide full protection?
    • The settings are still confusing as there is now a growing overlap between Wordfence and this plugin, and I don’t know what should be enabled. I’ve been doing the security hardening and then ignored the other features that you have added as I don’t know what the best path forward is.

I just don't know what I don't know and security plugins only protect you in theory, and I'm against people that know my sites' limitations much better than I do, and I'll only maybe find out once it's too late.

So at the moment there is a gap between having confidence of taking action with any kind of pro solution, and because of the invisible nature of the threat, I don't know how to possibly move forward with any confidence.

  • Plugin Support jarnovos

    (@jarnovos)

    Hi @rtpharry,

    Thank you for using Really Simple Security and for your questions!

    1 – Am I correct that your first question concerns using the plugin’s security features in combination with ‘reseller accounts’, where you might not have “full” control over all aspects of the configuration?

With “network-level” protection we are mainly referring to services such as CloudFlare, since effective website security consists of multiple layers: WordPress plugins like Really Simple Security operate at the application level, and are therefore well suited to making decisions based on WordPress-specific context (e.g., login attempts, plugin interactions and such). However, the webserver would still have to process the requests.

    Network-level solutions (such as CloudFlare) can take effect before (malicious) traffic reaches your WordPress site, which provides broader protection against general web threats (e.g., DDoS attacks, bot traffic), and can handle large-scale attacks that might overwhelm a server-level solution. Though it doesn’t have as much context as a WordPress-based approach.

    A combination of network and application-level solutions allows for broad protection whereby each solution covers potential ‘gaps’ in the other’s capabilities. I would additionally recommend the following article on the subject: https://really-simple-ssl.com/enable-an-efficient-and-performant-firewall/

    2 – Really Simple Security is a full-featured security plugin. I would not recommend using all features of two security plugins simultaneously, as this has the potential to cause conflicts or unnecessary performance impact.

    The exact security needs of a particular website will vary. Our plugin allows you to customize security measures based on your requirements, whether it’s a blog, or an e-commerce site handling sensitive data. To name an example, on a site where users can enter payment information or other personal details, you may want to consider enforcing Two Factor Authentication for “Subscriber” accounts as well (besides admins), while that might be excessive for a simple blog.

My recommendation would be to enable the desired security features for your site by going through the Really Simple Security onboarding, and make adjustments where necessary via the plugin’s interface (for instance, enforcing settings like Two Factor Authentication for more user roles than just Administrators).

    Kind regards, Jarno
