Q: Is your firewall able to identify bot behaviour (failed login, XML-RPC access, fake web crawler, etc.) and stop them? Offer login protection (2FA)? Hide login URL? Allow user suspension? Block directory traversals - SQL queries - WordPress terms - field truncation - exe file uploads? Can disable XML-RPC, anonymous REST API (with exclusions)? Offers advanced security headers control (XSS protection, referrer policy, block iframes, etc.)?
Thanks
Lars_Koudal
May 15, 2024
A: Hello B.76858,
Yes, WP Security Ninja is equipped to handle the security challenges you mentioned:
* Failed login: By default, multiple failed login attempts trigger a temporary block. You can adjust the sensitivity settings to fit your needs.
* XML-RPC access: Our plugin can insert rules to block XML-RPC access via .htaccess. For Nginx servers, manual configuration file tweaks are necessary.
* Hide login URL: You can change the default login URL to enhance security.
* Block Directory traversals: We block attempts to navigate through directories.
* SQL Queries and WordPress terms: Using a modified 8G ruleset, we block suspicious requests that could indicate SQL injections and other exploits.
We also check for major security headers, although the plugin primarily verifies if policies are set and doesn't generate or extensively test them.
Please note that while WordPress by default doesn't allow .exe file uploads, we're considering adding a feature to scan files on upload, as detailed in our feature request here: https://securityninja.productlift.dev/p/scan-files-on-upload-dW3flF
Thank you for asking; let us know if we need to elaborate on something.
Hey there! Just dropping in to give you a heads up - we've rolled out a fresh update, version 5.191, now featuring 2FA to give additional protection for your login form.