WordPress Blog: protecting against dangerous HTTP-requests

Posted: April 14, 2013 in Articles
Tags: , , , , , , , ,

WordPress PluginsWP-Sentinel – WordPress plugin for protection from dangerous HTTP-requests

Plugin to protect your blog from malicious HTTP-requests, various injections, XSS-attacks, brute force attacks, and flooding. It is to protect WordPress Website from hacking. He checks each HTTP request for a given set of rules to filter malicious requests.

Plugin to protect your blog from malicious HTTP-requests, various injections, XSS-attacks, brute force attacks, and flooding.

WP-Sentinel works as a firewall, analyzing all http-requests coming to the blog, recognizing and blocking dangerous attacks:

– Brute force (exhaustive password search);
– SQL injection (injection of malicious code directly into the database with special requests);
– HTML injection (injection of malicious code in HTML, for example, through the comments);
– XSS (the script from another site with a dangerous request to the blog);
– Execution of the external file;
– Execution of commands;
– The use of overflow error string or buffer;
– Fake requests to the site with the replacement of the dangerous;
– Flooding (too frequent use of the website, not peculiar to the ordinary people.)

We see that in contrast to the Limit Login Attempts, which protects from brutfors atacks only, WP-Sentinel not only limits the number of incorrect entries in the admin area, but also provides protection against many types of attacks.

If the plug-recognized threat, it blocks the IP-address from which the dangerous request sent to the blog, writes it to a log, and alerts the administrator by email.

If it was not dangerous request and perform some internal commands, such a request may be further resolved. Hazardous same queries are prohibited, IP-addresses for the time block (time can be adjusted.) If you notice that the source of dangerous requests are the same IP-address or network address, you can do to prevent them access to the blog for all manually. Later, you can view and edit the lists Banned addresses.

WP-Sentinel writes logs of their work by recording the activity by day and completely. To record logs and save your settings, you need to give write permissions (CHMOD 0755/0775/0777) in folders

– / Wp-content/plugins/wp-sentinel/vectors
–  / Wp-content/plugins/wp-sentinel/layouts

For the analysis of attacks you can download daily and total log. Letters that will be coming administrator in case detection and control attacks, can be customized with special templates to include the data that interest you.

WP-Sentinel Plugin Settings

Download WP-Sentinel Plugin

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s