Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter mrebel

    (@mrebel)

    Now that I’ve been through what I think are all of the BPS settings, it seems that you just don’t take on search security. Seems to be a great plugin for all of the other security issues I was having. Thanks.

    That would cause too many false positives for most users.

    Why not just create your own rule?

    RewriteCond %{QUERY_STRING} ^s=a$ [NC]
    RewriteRule ^ - [F]

    Better yet,

    RewriteCond %{QUERY_STRING} ^s=\w$ [NC]
    RewriteRule ^ - [F]

    If you’re concerned about queries on your database during searches, you should offset searches to Google, as it will only index what you allow it. There are several plugins to do that or just do it yourself.
    https://www.google.com/search?q=wordpress+google+search
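
An added example, not part of the reply above or of BulletProof Security: a small Python harness that approximates how the two RewriteCond patterns evaluate against constructed query strings, for checking what a rule forbids before it goes into .htaccess. Python's `re` stands in for Apache's PCRE here (an assumption that holds for these simple patterns), and the sample query strings are constructed.

```python
import re

# The two RewriteCond patterns from the reply above. [NC] maps to
# re.IGNORECASE; re.ASCII keeps \w to [A-Za-z0-9_], as in PCRE without UTF mode.
RULES = {
    "literal_a": re.compile(r"^s=a$", re.IGNORECASE | re.ASCII),
    "single_char": re.compile(r"^s=\w$", re.IGNORECASE | re.ASCII),
}

# Constructed sample query strings (the part after "?"), in the form
# mod_rewrite sees them in %{QUERY_STRING}.
SAMPLES = [
    "s=a",          # the search from the topic title
    "s=b",          # another one-character search
    "s=apple",      # an ordinary search that must keep working
    "s=a&paged=2",  # same search with a second parameter
    "",             # no query string at all
]


def forbidden(rule_name, query_string):
    """True if the RewriteCond matches, so 'RewriteRule ^ - [F]' answers 403."""
    return RULES[rule_name].search(query_string) is not None


def coverage(rule_name):
    """Map every sample query string to whether the rule would forbid it."""
    return {qs: forbidden(rule_name, qs) for qs in SAMPLES}


if __name__ == "__main__":
    for name in RULES:
        print(name)
        for qs, hit in coverage(name).items():
            print(f"  ?{qs:<12} {'403' if hit else 'passes'}")
```

Both patterns are anchored with `^` and `$`, so each one matches only when `s` is the sole parameter in the query string.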

    Plugin Author AITpro

    (@aitpro)

    hmm interesting question. A search for the letter “a” will return all posts with the letter “a” in them (except Private Posts if you are not logged in as an Admin), which I imagine would be all posts. Not sure how that would relate to security in any way.

    Search Security Example: If you enter a malicious string/malicious code in your search window then that should be blocked/forbidden – depending of course on whether your search window is directly tied into a WordPress default search feature/function or if a custom search function/feature is being used instead via a theme or plugin. By default WordPress sanitizes the search GET input.

    So my questions are these:
    When you say hidden pages what exactly do you mean? Please be very specific.
    Are the hidden pages displayed to you when logged into your site as an admin only or are they displayed to you when you are not logged in and do a search?
    What is the intended purpose/goal of hiding the pages?

    Plugin Author AITpro

    (@aitpro)

    Hmm maybe what you are looking for is the built-in Private Post feature in WordPress?

    Create a test post called Private post
    Type in “I am a teapot” in the content window.
    Under the Publish meta box in the right hand column of the Edit Post page, click the Visibility Edit link, select the Private radio button and save your settings and publish your test post.
    Log out of your site and search for the letter “a”.
    Your Private test post will not be listed in the search results.

    Thread Starter mrebel

    (@mrebel)

    Good tips. Thanks.

    As I posted above, I was looking for this plugin to do something it does not do. My bad. BulletProof Security seems to have solved all of my other site security issues.

    I installed a plugin that disables Search and my issue was solved.


The topic ‘myblog.com/?s=a – shows all posts’ is closed to new replies.