Is your firewall able to identify bot behaviour (failed login, XML\u002DRPC access, Fake web crawler, etc.) and stop them? Offer login protection? (2FA) ? Hide login URL? Allow users suspension? Block Directory traversals \u002D SQL queries \u002D WordPress terms \u002D field truncation \u002D exe file uploads? Can disable XML\u002DRPC, Anonymous Rest Api (with exclusions?) Offers advanced security headers control (XSS protection, referrer policy block iframes, etc.) ?\u000aThanks

Question

Is your firewall able to identify bot behaviour (failed login, XML\u002DRPC access, Fake web crawler,  etc.) and stop them? Offer login protection? (2FA) ? Hide login URL? Allow users suspension? Block Directory traversals \u002D SQL queries \u002D WordPress terms \u002D field truncation \u002D exe file uploads? Can disable XML\u002DRPC, Anonymous Rest Api (with exclusions?) Offers advanced security headers control (XSS protection, referrer policy block iframes, etc.) ?\u000aThanks

Lars_Koudal · Answer

Hello B.76858,\u000a\u000aYes, WP Security Ninja is equipped to handle the security challenges you mentioned:\u000a\u000a* Failed login: By default, multiple failed login attempts trigger a temporary block. You can adjust the sensitivity settings to fit your needs.\u000a* XML\u002DRPC access: Our plugin can insert rules to block XML\u002DRPC access via .htaccess. For Nginx servers, manual configuration file tweaks are necessary.\u000a* Hide login URL: You can change the default login URL to enhance security.\u000a* Block Directory traversals: We block attempts to navigate through directories.\u000a* SQL Queries and WordPress terms: Using a modified 8G ruleset, we block suspicious requests that could indicate SQL injections and other exploits.\u000a\u000aWe also check for major security headers, although the plugin primarily verifies if policies are set and doesn\u0027t generate or extensively test them. \u000a\u000aPlease note that while WordPress by default doesn\u0027t allow .exe file uploads, we\u0027re considering adding a feature to scan files on upload, as detailed in our feature request here: https://securityninja.productlift.dev/p/scan\u002Dfiles\u002Don\u002Dupload\u002DdW3flF\u000a\u000aThank you for asking, let us know if we need to elaborate something.

Lars_Koudal · Answer

Hey there! Just dropping in to give you a heads up \u002D we\u0027ve rolled out a fresh update, version 5.191, now featuring 2FA to give additional protection for your login form.

Potion

Share Potion

Related questions