miniorangesecurity

Hi @wbenterprises,

Thank you for using our product and apologies for the inconvenience caused.
We have not been informed about this issue by other customers so I think the issue can be site-specific. Could you please provide any screenshots and raise a query using the plugin so that our developers can directly look into it? You can also send a query using our Website.

Waiting for your query.

Thank you,
miniOrange Team

• This reply was modified 3 years, 2 months ago by miniorangesecurity.

Hi,

Thank you for being patient.

I would like to inform you that we have fixed the issue regarding Brute force in the recent release.

Please update the plugin to the latest version so that you can use Brute Force Protection without any issues.

If you face any issues then please let us know.

Thank you,
miniOrange team

Hi there,

Apologies for your inconvenience.

I would like to inform you that we have replicated this issue at our end.
Our technical team is trying to resolve this issue as soon as possible.

We will update the bug fix for this issue in our next release and will inform you about it.
Please stay tuned.

If you have any questions or concerns, you can raise a query through the plugin support forum.

Thank you,
miniOrange team.

Hi there,

We haven’t received any further response from you.

I hope the issue that you were facing with the firewall scanner is resolved.

For now, we are closing this ticket. If you face any further issues with the scan then you can reopen this ticket or contact us from the plugin or from our site.

Thank you,
miniOrange Team.

Hi there,

Thank you for reaching out to us and apologies for the bad experience.

It seems like a caching issue. Can you please let me know if you have a caching plugin installed on your site?

We can get in a meeting to help you stop the scan and resolve the caching issue.

Please reach out to us here or raise a query through plugin support form.

Thank you,
miniOrange team

Hello,

We haven’t heard back from you. For now, we are closing this ticket.

Please raise a support ticket from the plugin or from the Website. We will be happy to provide you the premium version pricing.

Thanks,

Hi there,

We haven’t heard back from you.

I hope the issue got resolved for you.

If not, you can reach out us here in that case.

I am closing this ticket for now.

If you have any more questions then you can reopen this ticket.

Thank you,
miniOrange team.

Hi there,

We haven’t heard back from you.

I hope you have found answers to your questions satisfactory.

I am closing this ticket for now.

If you have any more questions then you can reopen this ticket.

Thank you,
miniOrange team

Hi there,

I think it would be best to debug the issue over an online meeting.

Please raise a query through the plugin support form or reach out to us here.

Thank you,
miniOrange team.

Hi there,

Thank you for your reply. Please find my answers below.

Regarding the 403 error, you are correct that it is related to the forbidden access if anyone is not allowed to view that page or the site.

— Does enabling .htaccess only block IP addresses, or does it offer other features?
>>If you are using an apache server then .htaccess is a file available?in your WordPress directory. This file is helpful if you want to control access to the WordPress?instance. Both .htaccess and plugin level Firewall work the same but on different levels so both IP blocking as well as attack blockings work in both levels.

— What is the difference between activating .htaccess on the WAF or the Advanced Blocking page?
>>.htaccess is a firewall that provides you security if any sort of attack is happening on your website. Advance blocking is just a feature where you can define some settings like country blocking, browser blocking, etc. The firewall protects you from many popular website hacks. Country blocking and others just are setting to block access ( both legitimate and illegitimate traffic ) from a particular location, browser, etc.?

— What does SQL Injection Protection do that WordPress already does not do? Does it check all inputs from all forms from all plugins?
>>SQL injection is basically a sort of attack which takes place on your DB from the website. By default, WordPress does not provide end-to-end security as there are many plugins and any vulnerability?in any plugin can cause this issue. Our plugin keeps an eye on every request coming to your website and scans the requests. If there are any chances the request is not legit or has some sort of attacks included then it blocks it right away.

— What does it mean when “Website firewall on plugin level” AND “Website firewall on .htaccess level” are both OFF?
>>If both the settings are off it means you have not enabled any firewall on your site and it might be having vulnerabilities for attacks.?

I am adding some more details regarding the .htaccess and plugin level firewall so that you can get more ideas. If somebody is visiting your website the first thing server will check?is the .htaccess rules defined by our plugin. If the user is permitted then your website will load so that the .htaccess firewall blocks illegitimate requests before loading the website. In the plugin level firewall, the website will be loaded first and then the plugin will check if the request is illegitimate. Based on that the user will be blocked.

Hence, in conclusion, both firewalls have the same rules to block attacks only difference is when they are blocking the requests.

We have included the URL blocking feature for our next release and will let you know once it goes live.

I hope you have found answers?to your questions.

If you have any more questions then let us know.

Thank you,
miniOrange team

Hi there,

We haven’t heard back from you.

If the issue still persists, we can replicate that issue in a screen share meeting so that we can resolve it over a call.

I am closing this ticket for now. If you are facing any more issues then you can reach out to us here.

Otherwise, you can reopen this ticket.

Thank you,
miniOrange team

Hi There,

We did not hear from you.

Could you please raise a support query from the plugin or website?

For now, we are marking this thread as resolved.

Thanks,
Team miniOrange

Hi there,

We have checked the feature Brute Force Protection and it is working properly on our end.

This looks like a site-specific issue. We can replicate that issue in a screen share meeting so that we can resolve it over a call.

Please reach out here in that case.

Thank you,
miniOrange team

Hi there,

Thank you for reaching out to us.

Can you please let me know if you have changed anything in the plugin or your site?

Have you recently installed any other security/limit login plugin or any login form?

We can also help you to reach debug the issue over an online meeting.

Please raise a query through the plugin support form or reach out to us here.

Thank you,
miniOrange team.

Hi there,

Thank you for reaching out to us.

I would like to inform you that we currently do not provide Block access based on URLs.
But, we can make some customizations in the plugin to support it.

Also, all the 403 errors are nothing but blocked IPs. Hence, you can see all the 403 errors in the WAF -> IP Blacklist -> Manual IP Blocking.

We can get on a call to check this requirement on your site.
Also, you can refer to these documents for plugin level and .htaccess level WAF : [WAF]

Can you please raise a query from a support form or reach out to us here to proceed further?

Thank you,
miniOrange team