Wordfence and PHPIDS

Viewing 5 replies - 1 through 5 (of 5 total)

  • They are basically two different things. Wordfence does not use an approach similar to MuteScreamer/PHPIDS.

    Plugin Author Wordfence Security

    (@mmaunder)

    Hi Phil,

    I’m not familiar with that product so I really can’t comment.

    Regards,

    Mark.

    https://en.wikipedia.org/wiki/PHPIDS
    https://github.com/PHPIDS/PHPIDS

    It’s more volatile, than your plugin Wordfence. It blocks serious attacks and is based on a threat level. So depending on what you have set for the threat level, you could easily get a lot of false positives.

    Thread Starter phil_trottier

    (@phil_trottier)

    That is why I was thinking of deactivating that plugin.

    It’s been giving out false positives on some Ajax requests and configuring it to disregard all possible Ajax requests on my site is not something I am keen on doing.

    I basically like the PHPIDS approach but not so much the plugin. So I was wondering if Wordfence would be considered sufficient to protect my website.

    Thanks,

    Phil

    The problem is that Ajax is inherently dangerous as it relies too much on user input.

    If you use the MuteScreamer plugin you need to exclude some of the items or set the threshold higher so people won’t get locked out. Better to have some protection than none at all.

    If you’re wanting more protection, try installing ZBBlock. Be warned it’s not a plugin, so it takes a bit of knowledge, time, and patience to install/setup.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Wordfence and PHPIDS’ is closed to new replies.