Home › Forums › BulletProof Security Pro › Login Security Status in my dashboard
Tagged: Login Monitoring, Login Security
- This topic has 14 replies, 3 voices, and was last updated 10 years, 3 months ago by
AITpro Admin.
-
AuthorPosts
-
Thomas Weiland
ParticipantHi,
I don’t want to use Login Security. I disabled it and in the S-Monitor I set it to Login Security: Login Security Status & Alerts / “Turn Off Displayed status”. But on top of my admin-Dashboard, I always get this text: || Login Security Status: Off Is it possible to disable this text?
AITpro Admin
KeymasterYes, this is a minor glitch and an additional condition will need to be added for this. Currently the Login Security Status display should be able to be turned Off from displaying in the WP Dashboard. This additional condition will be added in BPS Pro 5.8.1. We have a couple of other minor nick nacks that need to be added so 5.8.1 will be released within a week.
Just an FYI – Copied and pasted from the S-Monitor Monitoring and Alerting Options Read Me button:
Login Security: Login Security Status & Alerts
Displays On or Off status of Login Security in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the Login Security Status in your WP Dashboard.NOTE: If you turn Login Security Status Off you will no longer see Alerts, but the actual Login Security Status depends on whether you have turned Login Security Off or On on the Login Security page.
AITpro Admin
KeymasterAlso it is not recommended that you turn Off the Heads up status display for AutoRestore/Quarantine. ARQ is the only feature in BPS Pro that requires ongoing actions on your part – everything else is set and forget. Folks who have turned Off the ARQ WP Dashboard status display in the past have tended to forget to perform the standard ARQ procedural steps when modifying files on their website. The rest of the Heads up status displays are much less essential.
BULLETPROOF PRO 5.8 SECURE .HTACCESS || AutoRestore/Quarantine Status: On – Check Files Every 15 Minutes || Firewall Status: On || UAEG Status: On || Login Security Status: On
AITpro Admin
KeymasterBPS Pro 5.8.1 has been released on 5-5-2013 and this Addition/Correction to S-Monitor Login Security Status & Alerts has been made. Please upgrade to BPS Pro 5.8.1.
rphrus
ParticipantHi,
The Login Security Status & Alerts are showing in the admin dashboard for my subscribers (not admin) who use the admin dashboard note widget to write notes. Is there a way to disable the alerts? They are not admin or super-admins.
AITpro Admin
KeymasterHmm really. Ok I will have to check on this. I am not exactly sure which Login Security alerts are supposed to be displayed to non Super Admins. You can turn Off the Login Security Alerts with this option in S-Monitor: Login Security: Login Security Alerts: Turn Off Displayed Alerts
rphrus
ParticipantSome went off but the autorestore/quarantine alert
AITpro Admin
KeymasterWhich AutoRestore/Quarantine Alert? Is it this one? AutoRestore/Quarantine Alert!!! A file has been Quarantined….. The note for this alert in the code says: WP Dashboard Always On – No option setting to avoid any human error But I think that this should only be displayed to Super Admins. I will have to check on this too. I seem to remember that there was some reason for having this alert display across all Network/Multisite sites, but I will have to ask and find out if this can be changed to only show to Super Admins.
rphrus
ParticipantYes, that’s the one; here it is:
AutoRestore/Quarantine Alert!!!
A file has been Quarantined. Click Here to go to Quarantine.
To see exactly what actions were taken view the Quarantine Log.
To remove this alert click the Reset Last Modified Time in DB button on the Quarantine Log page.
—
I think this option should be taken out of for any role other than admin/super-admin. My members are subscribers and they can see them. It will scare them off. I hope there’s an option to disable this.AITpro Admin
KeymasterOk I got the answer. Yes, this particular alert will be changed in the next version of BPS Pro. There was a debate going on whether or not the alert should be shown to Authors, Editors and Contributors, but the final decision is to show the alerts to only Admins and Super Admins.
This code will be changed in this file: /bulletproof-security/includes/functions.php Code line 470 – 490 by only showing all AutoRestore/Quarantine messages and alerts to users with manage_options capability. Only Super Admins and Admin have manage_options capability.
// New installations - BPS Pro has NOT been activated & S-Monitor Options have not been saved & / or the Setup Wizard has not been run if ( !get_option('bulletproof_security_options_activation') || !get_option('bulletproof_security_options_monitor')) { return; } ... ... ... if (strcmp($last_modified_time_secs, $last_modified_time_db) != 0 && $options['bps_arcm_log_date_mod'] != '') { // 0 is equal $text = '<div class="update-nag"><font color="red"><strong>'.__('AutoRestore/Quarantine Alert!!!', 'bulletproof-security').'</strong></font><br>'.__('A file has been Quarantined.', 'bulletproof-security').' <strong><a href="admin.php?page=bulletproof-security/admin/quarantine/quarantine.php">'.__('Click Here', 'bulletproof-security').'</a></strong> '.__('to go to Quarantine.', 'bulletproof-security').'<br>'.__('To see exactly what actions were taken view the Quarantine Log.', 'bulletproof-security').'<br>'.__('To remove this alert click the Reset Last Modified Time in DB button on the Quarantine Log page.', 'bulletproof-security').'</div>'; echo $text; } else { echo ''; }
To this new code
if ( current_user_can('manage_options') ) { // New installations - BPS Pro has NOT been activated & S-Monitor Options have not been saved & / or the Setup Wizard has not been run if ( !get_option('bulletproof_security_options_activation') || !get_option('bulletproof_security_options_monitor')) { return; } ... ... ... if ( strcmp($last_modified_time_secs, $last_modified_time_db) != 0 && $options['bps_arcm_log_date_mod'] != '') { $text = '<div class="update-nag"><font color="red"><strong>'.__('AutoRestore/Quarantine Alert!!!', 'bulletproof-security').'</strong></font><br>'.__('A file has been Quarantined.', 'bulletproof-security').' <strong><a href="admin.php?page=bulletproof-security/admin/quarantine/quarantine.php">'.__('Click Here', 'bulletproof-security').'</a></strong> '.__('to go to Quarantine.', 'bulletproof-security').'<br>'.__('To see exactly what actions were taken view the Quarantine Log.', 'bulletproof-security').'<br>'.__('To remove this alert click the Reset Last Modified Time in DB button on the Quarantine Log page.', 'bulletproof-security').'</div>'; echo $text; } }
AITpro Admin
KeymasterAnd actually it looks like several other Dashboard alerts are now going to be doing this as well.
rphrus
ParticipantGood Job! I updated the file. However, to make it totally disappear from other roles other than admin/super-admin, the following alerts are still on if I selected to display alert in WP dashboard in the S-Monitor (although selection of alert to appear in WP dashboard should only appear for admin/superadmin) but they do appear for other user roles.
Here are the alerts:
Security Log Alert
A New Security Log Entry Has Been Logged. Click Here to go to your Security Log.
To remove this alert click the Reset Last Modified Time in DB button on the Security Log page.
A PHP Error has been logged in your PHP Error Log
Click Here To go to the P-Security PHP Error Log page.
To remove/clear this Alert click on the Reset Last Modified Time in DB button.
BULLETPROOF PRO 6.5 SECURE .HTACCESS || AutoRestore/Quarantine Status: On – Check Files Every 15 Minutes || Firewall Status: On || UAEG Status: On || Login Security Status: On
First Install / Launch S-Monitor Notification
To turn this static alert off Click Here to go to the S-Monitor Monitoring and Alerting page and select Turn Off Displayed Alert for the First Install / Launch S-Monitor Notification (Static Alert) option.—Note: I left the css styling there..too much to edit to take them out–
AITpro Admin
KeymasterThe Security Log Alerts & PHP Error Log Alerts will have the same condition.
if ( current_user_can('manage_options') ) {
The First Install / Launch S-Monitor Notification should just be turned off. it is an older option that is no longer being used and is pending removal.
The Status display is intended to be displayed to all users, but a new option is being considered for Network/Multisite sites. Display Status in WP Dashboard to Admins only.
rphrus
ParticipantPlease be more specific, which lines should I edit.
Thanks
AITpro Admin
KeymasterA final decision has been made to display all Dashboard alerts and all the Dashboard Status options to Administrators only. The new BPS Pro zip file is available for download from the Secure Download Area. When installing the new BPS Pro zip file that you have downloaded to your computer, use the BPS Pro Upload Zip installer – DO NOT use the WordPress Upload Zip installer.
Click the BPS Pro Install / Backup Menu link to go to the BPS Pro Upload Zip installer page.
Upload the BPS Pro zip file and install it.
AutoRestore/Quarantine is automatically turned Off when using the BPS Pro Upload Zip installer. After the zip installation is complete turn AutoRestore/Quarantine back On. -
AuthorPosts
- You must be logged in to reply to this topic.