chesio / bc-security
Helps keeping WordPress websites secure.
License: The Unlicense
A simple button will do.
Maybe some simple ones for start and then more advanced around version 1.0 (when API becomes stable).
Either add an interface to edit existing settings or reimplement configuration to use filters.
Use the "circled number" indicator to inform about number of new items in log and IP blacklist since last visit.
See #46 for background.
The question is how to deal with records that are already in database?
See #46 for background.
...and make such logs accessible via backend in some way.
Undefined index: SERVER_ADDR in [...]/bc-security/classes/BlueChip/Security/Modules/Events/Monitor.php on line 39
Error has been introduced in 7ac0c37.
Currently this affects only automatic IP blacklist pruning, but should be fixed before #19 is implemented.
Especially when run directly via PHP-CLI.
I like scalar type hinting and return type declarations, but there are more interesting new features.
Motivation: Now when checklist checks are executed asynchronously, it could make sense to include checksum verification as yet another check in the checklist.
Notes and questions to be considered:
Should link to the blacklisting form with IP address and comment prefilled. Requires #3 to be implemented first.
There's no official API yet, but there's unofficial API by WPCentral. See WPCentral/WP-CLI-Security for usage example.
Although there are legitimate plugins that need write access to wp-config.php, having wp-config.php that is read-only has some security benefits.
All expired entries should be removed.
Leave current values as default, but provide filter to change them.
See https://github.com/pluginkollektiv/checksum-verifier for a good example.
Basic idea: let WordPress sites with BC Security installed share their blacklists in order to pre-emptively block attacking IPs.
In other words, check whether wp-password-bcrypt is installed.
This can be really useful sometimes.
Use case: mute email notifications in certain environments (development, staging, test).
Idea: allow to mute all or specific notifications only.
Error log check (see #13) can trigger 404 events that subsequently get logged.
A straight-forward solution is to ignore any 404 events, if remote IP address is equal to server IP address. Not sure if there are any drawbacks...
See #46 for background.
The goal is to make it possible to run just basic or advanced checks separately. Of course the option to run all checks should be retained.
Also allow to exclude particular check from automatic run (and reporting).
Trying to get property of non-object in bc-security/classes/BlueChip/Security/Modules/Notifications/Watchman.php on line 250.
I don't know why I haven't implemented this together with #33...
For example: autodiscover/autodiscover.xml
In general: come up with a way how to keep log table reasonably sized.
Notes:
ini_set()
). The idea is to have this security issue covered.
Makes sense especially for checks that are monitored.