WordPress Author Enumeration Bot Probe Protection – Author ID, User ID
Tagged: author, Author ID, author name, Bonus Custom Code, Bot, enumeration, User ID
- This topic has 36 replies, 10 voices, and was last updated 7 years, 2 months ago by
AITpro Admin.
AITpro Admin
Keymaster
What type of Network|Multisite is your site? Subdomain standard, Subdirectory standard, Subdomain GWIOD or Subdirectory GWIOD?
Pako
Participant
Hi
Mapped domains, i.e.: www.primary-site.com www.chield-side.com
AITpro Admin
Keymaster
Ok let’s try this instead – what do you see when you add this Query String on the end of a URL|URI? Example:
http://forum.ait-pro.com/?author=1
Pako
Participant
I see the author page archive like http://www.primary-site.com/blog/author/my-username/
AITpro Admin
Keymaster
Oh ok yeah we are looking into the change that WP recently made with internal Rewriting. It appears that WP has made major changes to internal Rewriting that negate this particular htaccess Author Enumeration Bot Probe Protection on Network sites. We assume this was done intentionally by WP, but maybe this is just a new problem that needs a new solution. 😉 We will fiddle around with this in the next couple of days and post our findings here after fiddling.
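A defender's check for the `?author=1` test in the exchange above, as an added example that is not part of any forum post or of BPS: it classifies the response your own site gives to a `?author=N` request and reports whether a username slug is exposed. The function names, the sample responses and the body-class fallback for 200 responses are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Author-archive path, with any site prefix in front (e.g. /blog/author/<slug>/).
AUTHOR_PATH = re.compile(r"(?:^|/)author/([^/?#]+)/?$")
# Assumption: the theme prints WordPress's default body classes, which on an
# author archive include "author-<slug>" before "author-<id>".
BODY_CLASS = re.compile(r'<body[^>]*\bclass="(?:[^"]*?\s)?author-([^\s"]+)')

def leaked_author_slug(status, headers, body=""):
    """Return the author slug exposed by a response to /?author=N, or None."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308):
        # Redirect case from the thread: the slug sits in the Location path.
        path = unquote(urlsplit(hdrs.get("location", "")).path)
        m = AUTHOR_PATH.search(path)
    elif status == 200:
        # No redirect: the archive was rendered in place, so check the markup.
        m = BODY_CLASS.search(body)
    else:
        m = None  # 403/404 etc.: the probe was refused, nothing to read
    return m.group(1) if m else None

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "redirect to author archive": (
        301, {"Location": "http://www.primary-site.com/blog/author/my-username/"}, ""),
    "redirect to home page": (
        301, {"Location": "http://www.primary-site.com/"}, ""),
    "blocked by htaccess": (403, {}, "Denied"),
    "archive served in place": (
        200, {}, '<body class="archive author author-my-username author-1">'),
}

def audit(samples=SAMPLES):
    """Map each sample name to the leaked slug, or None when protected."""
    return {name: leaked_author_slug(*resp) for name, resp in samples.items()}

if __name__ == "__main__":
    for name, slug in audit().items():
        print(f"{name}: {'LEAKS ' + slug if slug else 'ok'}")
```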
Pako
Participant
Thanks a lot 🙂
So I’ll wait before switching from Wordfence, because as the multisite username can be found, it’s also possible for anyone who has this username to lock out this account if BPS Login Security & Monitoring is activated 🙁
Question: does BPS not have the same option as Wordfence, like blocking people who are trying to log in with a username that I defined as forbidden?
Thanks
AITpro Admin
Keymaster
Well I don’t want to negate Wordfence, but Wordfence is for amateurs and BPS Pro is…to say it plainly, for folks who want real website security protection. 😉 We think Wordfence is ok, but we have created something that is “bulletproof”/far superior. 😉 Overall, whether or not a Bot got your author name would not matter if you have BPS Pro since JTC Anti-Spam|Anti-Hacker would stop the hacker or spammer.
A perfect example is this forum site. We don’t bother with trying to block or hide or do anything at all with author/usernames because we are using BPS Pro JTC Anti-Spam|Anti-Hacker so there is no need to use the Author Enumeration Bot Probe Protection on this site at all. The Author Enumeration Bot Probe Protection Bonus Custom Code was created for BPS free plugin users. 😉
Pako
Participant
(lol) you have me almost convinced to buy the pro version 😉 but I need other answers before, like how to manage wp rocket htaccess stuff nicely: http://forum.ait-pro.com/forums/topic/wp-rocket-plugin-htaccess-code-where-to-put-it/#post-30024
Thanks again
AITpro Admin
Keymaster
Ok I’ll take a look at your other post and post an answer. We don’t do a hard sell with BPS Pro, but this is a pretty impressive fact – “BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 20,000 websites worldwide. Not a single one of those 20,000+ websites in 5+ years has been hacked.”
Pako
Participant
(is the Block Bad Queries (BBQ) plugin useful if I buy BPS Pro?)
AITpro Admin
Keymaster
Honestly, nope BBQ is not going to add any additional security protection that BPS and BPS Pro do not already do/have.
Pako
Participant
great 🙂
And last question (I promise): I’m trying to find where I must write the rules I had before the BPS install, like .htaccess authentication, you know, all that stuff:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
<FilesMatch "wp-login.php">
    AuthType Basic
    AuthName "Secure Area"
    AuthUserFile "/home/blabla/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
</FilesMatch>

This was to protect login.php but I had the same in /wp-admin.
All those rules were written by my cPanel.
AITpro Admin
Keymaster
Your BasicAuth htaccess code goes in this BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN TOP: wp-admin password protection & miscellaneous custom code here
You don’t need to add the ErrorDocument htaccess code because BPS already has/uses that code.
Pako
Participant
Oops, I can’t find the text box you said… 🙁
But to be more precise I was protecting 2 things:
root login.php with rules in my root .htaccess file and /wp-admin/ with rules in my /wp-admin/ .htaccess file
This one was a little bit different:

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/blabla/.htpasswds/public_html/wp-admin/passwd"
require valid-user
AITpro Admin
Keymaster
BPS already protects the admin-ajax.php file by default so you don’t need that code either.
htaccess Core > Custom Code > CUSTOM CODE WPADMIN TOP > add your BasicAuth htaccess code > click the Save wp-admin Custom Code button > go to the security modes page > Activate wp-admin BulletProof Mode.