|Last Updated||Ratings||Unique User Downloads||Download Rankings|
|2018-07-06 (7 months ago)||58%||Total: 659 This week: 1||All time: 4,778 This week: 398|
|pareto_security 2.1.9||GNU General Publi...||5.3.0||PHP 5, Security|
This class can filter requests to recognise malicious values and either return a 403 access denied response (the default) or, optionally, add the offending IP address to the banned list in the root htaccess file of a website.
=== Pareto Security ===
Tags: wordpress security, hack, database security, xss, WAF, CRLF, CSRF, command injection, cross-site scripting, exploit, firewall security, hack, hacked, hacker, injection, authentication bypass, local file inclusion, malware, phishing, rfi, remote file inclusion, scrapers, secure, secure login, security, SQL Injection, vulnerability, WAF, website security, wordpress, security
Requires at least: 4.7.2
Tested up to: 4.9.7
Stable tag: 2.1.1
Donate link: https://hokioisecurity.com
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
WordPress Core Security: Secure your website with real security.
== Description ==
Had enough of the security theatre presented by the raft of WordPress security plugins? Time to put a stop to the attacks!
Firstly, WordPress and most other CMSs are built using PHP. PHP is a very insecure programming language, even worse in the hands of amateurs.
WordPress has been plagued by plugins authored by amateurs that bring with them security vulnerabilities.
Security plugin designers mostly focus on cleaning up attacks rather than stopping them dead in their tracks.
The Pareto Security class acts as a central security hub, checking all inputs from users and preventing bad requests from executing on your website.
= A Word on Security: =
By the very nature of plugins, no plugin should ever claim to be a Web Application Firewall.
No security plugin can save your website from really, really badly written site, theme and/or plugin code.
No security plugin can save your site from attacks that result when administrators do not follow basic security practices.
Keeping any CMS as secure as possible is not easy. The very best thing you can do to prevent attacks is to always keep your website code, themes and plugins up to date, and remove any plugins and themes you are not using.
== Installation ==
== Frequently Asked Questions ==
= How does Pareto Security protect sites from attackers? =
The Pareto Security developers understand how PHP, the coding language in which WordPress is written, can be exploited. Pareto Security's principles of protection stop these attacks at the entry point.
= How does the Pareto Security Protection work? =
= What checks does the Pareto Security Scanner perform? =
= What security monitoring features does Pareto Security include? =
= How will I be alerted if my site has a security problem? =
Pareto Security sends attack alerts via email. Once you install Pareto Security you can enable email notifications. You will never be flooded with notifications, as Pareto Security only sends notifications of high-risk attacks that have been blocked.
= Do I need other security plugins or cloud based firewalls? =
Pareto Security provides true entry-point security for your WordPress website. Pareto Security does not prevent the use of, or conflict with, other webserver security addons and hardware web application firewalls.
= What blocking features does Pareto Security include? =
= What differentiates Pareto Security from other WordPress Security plugins? =
= How can I contribute to the cause =
Donations via:
* Bitcoin: 1HnQtSEXZXvL6sfgXRZ8sAhVmtMtwXfSyf
* ZCASH Address: t1Lnmn4r9jVxhjhTLix8sRfyoqqsJVbShQ1
* Vericoin: VRsjYZmjpYxXmhRxGzYcECfpNUksvBr25v
* Ethereum: 0xb9f7a75530ef6b4b21c721a81fe54c548492f9bf
* Paypal Address: email@example.com
= Do you have an email contact? =
Email me at firstname.lastname@example.org
Other contacts: https://taipo.github.io/contact/
== Changelog ==
= 2.1.1 =
* XML database for blacklists
* Change email report regularity to every 5 serious events
* Update [RFI] Filters
* Banned IP addresses now removed if app is deactivated
* For improved performance, Pareto Security now restricts HTACCESS to the last 500 banned IP addresses
* Fixed non-critical bug in plugin deactivation
* Improved logfile layout with ability to manually remove entries

= 2.1.0 =
* Update to POST Filters
* Extend length of log entry to 500 characters
* Fixed small bug in way the email report displays
* Added Settings link to WP plugin page
* Now checks for and filters $HTTP_RAW_POST_DATA raw post data for XMLRPC
* Better descriptions of attack types

= 2.0.9 =
* Update database injections to reduce false positives

= 2.0.8 =
* Enable XML-RPC Flood Protection
* Further work on HTTP_HOST filtering

= 2.0.7 =
* code cleanup

= 2.0.6 =
* Improve HTTP HOST detection
* Fixed a bug in flood controls for failed logins