eddyferns

Thanks a lot for your responses.

Hi,

I will be th only person to log in.

But I still need to know what ‘For 5 minutes, if more than 5 POST requests within 15 seconds’ really means?

Kind regards
Ed

Hi,

Yes it is the “Login Protection” page. After clearing the cookies it is showing up.

With Brute Force set to ‘always on’ can’t the hackers/bots brute force the user and password in HTTP authentication?

Under ‘yes, if under attack’ option:

1. For ‘Protect the login page against’, which one do I pick – Get, Post or Get and Post?

2. For ‘Password-protect it’ what does ‘For 5 minutes, if more than 5
POST requests within 15 seconds’ mean?

Kind regards
Ed

Regarding fileguard, there is a message in the firewall log, Is that the one you are referring to?

By the way I am able to see the files listed in wp-includes folder via the url even though that option is checked for protection.

Thanks

Hi,

Thanks for the answers.

B. Firewall
2. But WordPress in its official ‘Hardening WordPress’ guide suggests to move the wp-config.php up one directory outside the public_html folder.

C. Block PHP access
I mean protecting everything in the wp-contents folder and the folder itself, as there are themes, plugins etc. in it. And by put protection over will the site work and will people be able to access the website? And how do I add the wp-content folder through the Ninja interface?

E. File Guard
I did create a php file and uploaded into the public_html folder and accessed it through the browser. There was no alert at all.

Kind regards
Ed

Hi,

Thanks for your reply.

In view of this is it better to enable other features as well once live?

And would it be better to install the plugin after going live?

Ed

Hi

You said before to remove any “auto_prepend_file” directives (even empty ones). But now you say that it needs “auto_prepend_file” directive.

The host responded saying:
I am not entirely 100% how the directive needs to be added to the php.ini file at the moment it is just “auto_prepend_file = “.

Kind regards
Ed

Hi

As I said before the aio_wp_security_configs doesn’t show up in the database, only the aforesaid files listed above.

Secondly aio_wp_security_configs shows listed among the other files at the time of deleting all the plugin files when uninstalling the plugin through the WordPress plugin section.

Many thanks
Ed

Hi,

The host ask the following question as they are trying to sort it out:

What was the exact requirement that the firewall plugin needed from the php.ini?

By the way, should the Ninja code be at the first line only for the .htaccess file or for the php file as well?

Kind regards
Ed

I have restored my backup prior to your plugin install. I tried exactly what you mentioned above.

The config still remains. It looks like the plugin leaves traces somewhere.

Kind regards
Ed

I deleted those tables and installed a fresh copy. The config still remains.

Kind regards
Ed

No I haven’t. Should I?

Kind regards
Ed

Hi,

There is no table called aio_wp_security_configs. But the following are there:

aiowps_events
aiowps_failed_logins
aiowps_global_meta
aiowps_login_activity
aiowps_login_lockdown

Kind regards
Ed

Hi

Yes, I even did that yet the configs still remain.

Kind regards
Ed

Hi,

Okay I’ll do that. If there is any issue I’ll let you know.
Thanks a lot for all your replies!

Ed