Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

  • contrasupport
    Participant

    @contrasupport

    Up to now – Yes – NinjaFirewall combined with Stop Spammers, Akismet, Captcha and other plugins of your choice, as long as they work together and do not slow down your website.

    The drawback of NinjaFirewall is that you have to know how to set it up properly, otherwise the Editor/Author will have problems updating.

    Other things you can do:

    If under attack — you still need to scan and look for continuous IPs/usernames and manually add them to Stop Spammers AND report them to Stop Forum Spam/Project Honey Pot.

    If you do not have time to read/check your themes line by line, install Theme Authenticity Checker:
    https://wordpress.org/plugins/tac/


    contrasupport
    Participant

    @contrasupport

    Most of the WordPress plugins mentioned above work like:

    Attacker > HTTP server > PHP > WordPress > PLUGINS

    We all need to have something before WordPress; that’s why I recommend

    NinjaFirewall (I do not have any relation with the plugin creator)

    https://wordpress.org/plugins/ninjafirewall/

    Block the attacker before WordPress:

    Attacker > HTTP server > PHP > NinjaFirewall > WordPress > PLUGINS

    As always, when installing any plugin that can possibly block your admin access, you have to read the installation notes and have access to FTP.

    NinjaFirewall will work as another layer to protect your site.

    In addition, if you have not done it:

    1. Change your “Admin” username to something difficult and at least 10 characters (+) but easy to remember (+ for you – for security) or you have to read a note (-) safely secured in your safe locker (+)
    2. Make your password at least 25 COMBINATION of characters (+) but easy to remember (+ for you – for security) or you have to read a note (-) safely secured in your safe locker (+)

    NinjaFirewall:

    • Web Application Firewall
    • Full standalone web application firewall
    • Multi-site support
    • Compatible with shared hosting accounts
    • Protects against RFI, LFI, XSS, code execution, SQL injections, brute-force scanners, shell scripts, backdoors and many other threats
    • Scans and/or sanitises GET / POST requests, HTTP / HTTPS traffic, cookies, server variables (HTTP_USER_AGENT, HTTP_REFERER, PHP_SELF, PATH_TRANSLATED, PATH_INFO)
    • Sanitises variables names and values
    • Advanced filtering options (ASCII control characters, NULL byte, PHP built-in wrappers, base64 decoder)
    • Blocks username enumeration scanning attempts through the author archives and the login page
    • Blocks/allows uploads, sanitises uploaded file names
    • Blocks suspicious bots and scanners
    • Hides PHP error and notice messages
    • Blocks direct access to PHP scripts located inside specific directories
    • Whitelist option for WordPress administrator(s), localhost and private IP address spaces
    • Configurable HTTP return code and message
    • Rules editor to enable/disable built-in security rules
    • Activity log and statistics
    • Debugging mode

    contrasupport
    Participant

    @contrasupport

    5-10 is OK — When I was handling a job application site, every month we received 4000-5000 applicants and had about 75-200 “bad users”. We did have people entering bad emails for their job application, but it was also sometimes the applicant mistyping their email AND ending up shooting the registration confirmation to the wrong/closed/nonexistent email at Gmail/Yahoo/Hotmail etc. (I had to deal with those email providers 1-2 times a year to make sure that my mail server was not on the blacklist).

    Btw, in the Stop Spammers settings add the StopSpamForum API; that way it is easier for you to check or submit bad users (add Honeypot & Botscout if possible). Also enable “Check Spam Words” in the settings and add to them if you see a bad username keep popping up with different IPs.


    contrasupport
    Participant

    @contrasupport

    How about using the following plugins:

    1. Stop Spammers by Keith Graham
    2. Captcha by BestWebSoft.

    FYI: I have no relation with the plugin creators.

    NOTE: Just make sure you also have access to FTP in case you are locked out from the admin. Since I do not know what other plugins you have on your site — some plugins are not compatible with others (e.g. I used a different CAPTCHA plugin and it locked me out). If you are locked out from the admin, just use FTP to DELETE or RENAME THE plugin folders to disable THE “bad plugins”.
