chesio / bc-security
Helps keep WordPress websites secure.
License: The Unlicense
In general: come up with a way to keep the log table reasonably sized.
Especially when run directly via PHP-CLI.
See https://github.com/pluginkollektiv/checksum-verifier for a good example.
Although there are legitimate plugins that need write access to wp-config.php, having a read-only wp-config.php has some security benefits.
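As an added example (not bc-security's own code), a check that locates wp-config.php the way WordPress does and reports whether the PHP process can write to it. The function names prefixed `bcs_example_` and the temporary directory used for the demo are assumptions made here; the lookup order (ABSPATH first, then the parent directory unless that parent also holds a wp-settings.php) follows WordPress's wp-load.php.

```php
<?php
// Added example, not part of bc-security: report whether wp-config.php is
// writable by the current PHP process. WordPress loads wp-config.php from
// ABSPATH or, failing that, from the parent directory, provided the parent
// is not itself a separate WordPress install (no wp-settings.php there).

/**
 * Locate wp-config.php as WordPress does; null when it cannot be found.
 */
function bcs_example_locate_wp_config(string $abspath): ?string
{
    $abspath = rtrim($abspath, '/\\') . DIRECTORY_SEPARATOR;
    $inRoot = $abspath . 'wp-config.php';
    if (is_file($inRoot)) {
        return $inRoot;
    }
    $parent = dirname($abspath) . DIRECTORY_SEPARATOR;
    if (is_file($parent . 'wp-config.php') && !is_file($parent . 'wp-settings.php')) {
        return $parent . 'wp-config.php';
    }
    return null;
}

/**
 * Check result: whether the file was found, whether this process can write
 * it, and its permission bits (octal) for the report.
 */
function bcs_example_check_wp_config(string $abspath): array
{
    $path = bcs_example_locate_wp_config($abspath);
    if ($path === null) {
        return ['found' => false, 'path' => null, 'writable' => null, 'mode' => null];
    }
    clearstatcache(true, $path);
    return [
        'found'    => true,
        'path'     => $path,
        'writable' => is_writable($path),
        'mode'     => substr(sprintf('%o', fileperms($path)), -4),
    ];
}

// Constructed demo: a temporary tree stands in for a real site. The config
// lives one level above ABSPATH ($root/public), first writable, then read-only.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bcs-example-' . bin2hex(random_bytes(4));
mkdir($root . '/public', 0700, true);
file_put_contents($root . '/wp-config.php', "<?php\n// constructed sample config\n");

print_r(bcs_example_check_wp_config($root . '/public'));
chmod($root . '/wp-config.php', 0400);
print_r(bcs_example_check_wp_config($root . '/public'));

// Remove the constructed files again.
chmod($root . '/wp-config.php', 0600);
unlink($root . '/wp-config.php');
rmdir($root . '/public');
rmdir($root);
```

Two caveats for anyone turning this into a monitored check: `is_writable()` answers for the user the PHP process runs as, so a run under PHP-CLI as root reports the file writable regardless of its mode, and a file that is read-only for the web server user is still no protection if the same user owns the containing directory and can replace the file rather than edit it.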
This can be really useful sometimes.
Makes sense especially for checks that are monitored.
...and make such logs accessible via the backend in some way.
See #46 for background.
The goal is to make it possible to run just basic or advanced checks separately. Of course, the option to run all checks should be retained.
Basic idea: let WordPress sites with BC Security installed share their blacklists in order to pre-emptively block attacking IPs.
Either add an interface to edit existing settings or reimplement configuration to use filters.
For example: autodiscover/autodiscover.xml
Motivation: Now that checklist checks are executed asynchronously, it could make sense to include checksum verification as yet another check in the checklist.
Notes and questions to be considered:
Trying to get property of non-object in bc-security/classes/BlueChip/Security/Modules/Notifications/Watchman.php on line 250.
Use case: mute email notifications in certain environments (development, staging, test).
Idea: allow to mute all or specific notifications only.
Error log check (see #13) can trigger 404 events that subsequently get logged.
A straightforward solution is to ignore any 404 events if the remote IP address equals the server IP address. Not sure if there are any drawbacks...
Error has been introduced in 7ac0c37.
There's no official API yet, but there's an unofficial API by WPCentral. See WPCentral/WP-CLI-Security for a usage example.
In other words, check whether wp-password-bcrypt is installed.
Maybe some simple ones for start and then more advanced around version 1.0 (when API becomes stable).
Leave current values as default, but provide filter to change them.
I like scalar type hinting and return type declarations, but there are more interesting new features.
Also allow excluding a particular check from the automatic run (and reporting).
Use the "circled number" indicator to inform about the number of new items in the log and IP blacklist since the last visit.
Notes:
ini_set()). The idea is to have this security issue covered.
All expired entries should be removed.
See #46 for background.
The question is how to deal with records that are already in the database?
I don't know why I haven't implemented this together with #33...
Undefined index: SERVER_ADDR in [...]/bc-security/classes/BlueChip/Security/Modules/Events/Monitor.php on line 39
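The two issues above (the error-log check triggering self-inflicted 404 events, and the "Undefined index: SERVER_ADDR" notice) meet in one place: deciding whether a 404 came from the server itself. The following is an added example, not code from bc-security, showing one way to make that decision without assuming `$_SERVER['SERVER_ADDR']` exists (it is absent under PHP-CLI and some FastCGI setups). The `bcs_example_` function names and the hostname-based fallback are assumptions made here.

```php
<?php
// Added example, not part of bc-security: should a 404 event be logged?
// Requests from the server's own address (for instance the plugin's error-log
// check fetching a URL on the same site) are treated as self-originated and
// skipped. SERVER_ADDR is read defensively so no notice is raised when the
// key is missing.

/**
 * Resolve the server's own address from a $_SERVER-like array.
 * Falls back to resolving the local hostname when SERVER_ADDR is not set
 * (assumption: that fallback is acceptable; a site may prefer a configured
 * value). Returns null when nothing usable is available.
 */
function bcs_example_server_address(array $server): ?string
{
    if (isset($server['SERVER_ADDR']) && $server['SERVER_ADDR'] !== '') {
        return $server['SERVER_ADDR'];
    }
    $host = gethostname();
    if ($host === false) {
        return null;
    }
    $ip = gethostbyname($host);
    // gethostbyname() returns its input unchanged when resolution fails.
    return ($ip === $host) ? null : $ip;
}

/**
 * True when a 404 for a request from $remoteIp should be recorded.
 * Loopback addresses and the server's own address count as self-originated.
 * A malformed or missing remote address is recorded rather than dropped.
 */
function bcs_example_should_log_404(?string $remoteIp, array $server): bool
{
    if ($remoteIp === null || filter_var($remoteIp, FILTER_VALIDATE_IP) === false) {
        return true;
    }
    $self = ['127.0.0.1', '::1'];
    $serverIp = bcs_example_server_address($server);
    if ($serverIp !== null) {
        $self[] = $serverIp;
    }
    return !in_array($remoteIp, $self, true);
}

// Constructed inputs: a web request with SERVER_ADDR set, and a CLI-like
// environment without it. Addresses are from documentation ranges.
$webServer = ['SERVER_ADDR' => '203.0.113.10'];
$cliServer = [];

var_dump(bcs_example_should_log_404('203.0.113.10', $webServer));
var_dump(bcs_example_should_log_404('198.51.100.7', $webServer));
var_dump(bcs_example_should_log_404('127.0.0.1', $cliServer));
var_dump(bcs_example_should_log_404('198.51.100.7', $cliServer));
var_dump(bcs_example_should_log_404('not-an-ip', $cliServer));
```

A drawback worth weighing before adopting the rule: anything else running on the same host (another site, a compromised process, an SSRF-able service) also arrives from the server's own address and would have its probing 404s silenced, and behind a reverse proxy the remote address seen by PHP may be the proxy's rather than the client's.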
Currently this affects only automatic IP blacklist pruning, but should be fixed before #19 is implemented.
Should link to the blacklisting form with IP address and comment prefilled. Requires #3 to be implemented first.
A simple button will do.