Feedback – ideas to improve

  • p1c2d3

    (@postcd)


    2 hours, 31 minutes ago

    • 1 IPhub.info blocks VPN IPs (for example myself), there is no way to challenge/rate-limit instead of block.
    • 2 “Enable Reverse DNS Verification” checkbox may be moved one item up to be right after “Enable Crawler Verification” and be named similarly, so it is apparent these are two options of a same thing. The description “More secure but slightly slower resolution time.” lacks explaining more secure than what.
    • 3 reCaptcha is evil Google service. hCaptcha offers more privacy.
    • 4 Some settings makes you wondering about its impact on total scoring of a visitor, maybe one would need to by default see all factors contributed to a score of particular visitors seen in a log area, so he can easily tweak each factor, easily find appropriate setting.
    • 5 Amount settings on all tabs makes me loose awareness about which modifications i did from original WordPress settings.
    • 6 I would expect testing/logging mode would be enabled by default
    • 7 “Enable performance caching” “Improves the plugin performance by leveraging multi-layer caching” – this option makes unexperienced admin wonder if it would be duplicate with already used Litespeed cache plugin or similar or if it is really only for a Botfend ABF requests which would be uncached by other plugin cachers.
    • 8 System tab shows “Maximum requests per minute” that section does not explain what is considered a request. If one page load is 1 request, or if admin needs to count number of elements like .js, .css), which is sometimes even tens of requests per page load.
    • 9 Again on System tab is “How many submissions render per page”, maybe can be easier to understand to replace render by are displayed. In same sentence, it may be handy to link to that “Unblock Requests” panel. In same section i would expect “Show export options” be enabled by default for convenience.
    • 10 “/wp-content/plugins/botfend-anti-bot-firewall/assets/css/admin-file-guard.css” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).”
      $ grep X-Content-Type-Options .htaccess
      Header set X-Content-Type-Options “nosniff” nosniffBlocks a request if the request destination is of type style and the MIME type is not text/css
      Similar issue is for admin-file-guard.js (possibly wrongly set to text/html) and unblock.js (check all files mime type). Maybe this nosniff policy is enforced also by your plugin: https://justpaste.it/lmbmt

    Please consider if you can write down to a TODO list or right away improve some descriptions or behavior.

You must be logged in to reply to this topic.