Little help

  • Resolved invest0r7

    (@invest0r7)


    9 years, 5 months ago

    Hi there,

    This plugin seems awesome, but I’m going to wear my ignorance on my sleeve and say I have no idea what 90% of the stuff means on the settings page.

    I do see that there is a “default settings” and “best settings”. We have a pretty complicated membership site using Paid Memberships Pro and we have many many plugins.

    Do the default settings offer decent and safely-executed protection as is? Or does it not do much and should we try best settings? I just don’t want to 1) potentially break anthing, and 2) block legitimate users by putting the settings too high.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    9 years, 5 months ago

    Hi @invest0r7,

    Thank you for your interest in this plugin. It’s not good thing without understanding the functions of this plugin because there’s some possibility to break services that your site provides.

    Here are some brief descriptions about each target:

    Comment post : If you already have an anti spam plugin, then leave it unchecked.

    XML-RPC : XML-RPC can accept both pingback and remote command with username and password. The former is for blocking pingback spam and the later is for blocking login attempts. When you want to accept some 3rd party services such as Jetpack, please refer to “How To White List JetPack Servers“.

    Login form : I think you have to accept your guest as membership. If you can’t restrict their countries, it should be unchecked. Even in this case, login attempts can be blocked.

    Admin area : You can enable “Block by country” and “Prevent Zero-day Exploit” if you can restrict administrator’s countries.

    Admin ajax/post : Almost same as “Admin area”. If some of your plugins provide their serveries for both visitors (non-logged in users) and members via ajax on public facing pages, you should configure some code snippet.

    Plugins/Themes area : Almost same as “Admin ajax/post” but you can select exceptions instead of configuring some code snippet.

    If you let me know your site url, I can give you more concrete advice. Please contact me by email if you want. You can find my email address at here.

    Good luck!

    • This reply was modified 9 years, 5 months ago by tokkonopapa.
    Plugin Author tokkonopapa

    (@tokkonopapa)

    9 years, 5 months ago

    Sorry but I made a wrong description. Here is a right one.

    Admin ajax/post : Almost same as “Admin area”. Although this is carefully designed not to break services on public facing pages, there’re some cases that would cause undesired blocking. In this case, you should configure some code snippet.

    And version 3.0.1 has a bug that “Block by country” can not be unchecked at “Login form”. I’ll provide you the fixed version if you need before I release a official version.

    Thread Starter invest0r7

    (@invest0r7)

    9 years, 5 months ago

    This is extremely helpful. Thanks so much!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Little help’ is closed to new replies.