

** Remember, this stuff discussed here can kill your website stone dead, so only proceed with a current backup under your belt.

This page title is, ..

[ Howtoo: (pulled) kick out the hacker Bots ]

** Major Page Review Update: 23/04/2021 – After much internal debate over the running costs of the ShieldPRO security Plugin, then I’ve got to say that this option to keep the malignant script-kiddies — out! – Simply isn’t worth it: this, combined with the fact that the hacker auto-bots somehow got (in) last December (2020), installing a directory and executables in my WP content folder, .. PHP executable scripts with writable permissions for (all) and sundry, that definitely weren’t part of the core files.

Using my FTP program I deleted it, (problem solved.)

That said, .. the plugin has thus far kept the vast majority of the childish script kiddies and wannabe hackers out, with the WP reports of illegal activity being reduced to almost nil, so in conclusion, this review has been left in place for your consideration only.

Currently, I’m using Cerber security on B92.IN in India, it will also be installed on B92.CO.UK in the near future as well, but obviously only once the subscription runs out. My new consideration of the doggy dog kennel can be found here.


Old Review Continued:-

This is a duplicate of my 5 star review on the WordPress Security Plugin page.

The plugin in question.

Shield

Security Dashboard
Deactivate
Re-Install

Ultimate WP Security Protection – Scans, 2FA, Firewall, SPAM, Audit Trail, Security Admin, and so much more.

Version 9.2.1 | By Shield Security | View details | 5✩ Rate This Plugin

Managed by Easy Updates Manager.

Update: as of 02/12/2020, those who are in charge of this Plugin: literally took to heart the minor criticism that some felt in the complexity of running it, and have now produced something that’s completely funked up, with obnoxious bland boxes replacing the control panel on the apps front end, stupid dumb silly boxes that do absolutely nothing useful as far as I can see.

If I viewed this Plugin in its current state, then I’d move on, but my advice is — don’t move on, and yes: I’ve suggested to the developers, that perhaps they should reconsider putting back that complex control panel, (or at least part of it), with it in place: at least you could see it do something, but with this new boxed version running, then you’ve no idea what’s happening, and I can tell you hand on heart, that a lot is going on behind the scenes.
Let's continue on with the review.

Here are some screen shots of the plunging IP and the Roving Bot figures.

The first is Limit Login Attempts Reloaded, with the Zero aspect of it being pretty damned good in my humble opinion: especially being as the Plugin has been reporting at least 50 lockouts per day for the last week.

My second picture shows the Control Panel of the WordPress Security Plugin page, and the plunging graph of the Bot attacks speaks volumes: click the image to get a larger picture.

** btw, the pictorial icons have been dropped in version 10 of security shield, which: to my mind, is a damned shame.

My duplicate review begins here, ..

OK, from seeing at least 50 plus lockouts a day to none in 6 hours: is pretty damned good, and it’s all due to this Plugin.

To originally combat the Hacker Bots that I was seeing in the “Limit Login Attempts Reloaded” logs, I ran a hapless plugin that changed your wp-login.php filename, and to a degree, (and for a while), it worked, then the MERD literally hit the fan, because the missing wp-login file was like a red rag to a bull to these mindless Bots.

From 10 Bots a day being locked out, it then went up to over 40 an hour on some days.

Looking at the Apache Logs showed me that they were simply circumventing the renaming plugin's efforts, by getting WordPress itself to resolve my new hidden login file.

It was almost like a sport to these foreign Bots, and they were foreign, mainly China, Russia, and – Sweden and Poland of all places.

I had a PHP Log file plugin installed showing me the PHP error codes that the site was producing, any and all (submit) buttons were targets with the GETs and POSTs becoming more and more frenetic. As were any, (and all), long WordPress page links: the resulting quick fired long stringed mess seemed to halt the server, with the next fast fired request showing the hidden login file.
Something that the Firefox browser does as well btw.

I think that it really was a sport, because the login names being used after the link was exposed were complete nonsense, as were the weird passwords being presented to the server.

** In the end, I limited the Hackers to one failed attempt with their IP being blocked for 48 hours, but it still didn’t stop them from hammering my site's login, and in their hordes.
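An added example, not part of the original review or any plugin's code: a small Python pass over Apache combined-format access log lines that picks out the pattern described above, an IP that gets a 404 on the missing wp-login.php and then turns up POSTing to the renamed login. The renamed path `/my-hidden-login`, the sample log lines and the function names are all made up for illustration, and it assumes the usual WordPress behaviour of answering a failed login POST with 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
DEFAULT_LOGIN = "/wp-login.php"
HIDDEN_LOGIN = "/my-hidden-login"  # hypothetical renamed login path (assumption)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Dec/2020:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "bot"',
    '203.0.113.7 - - [01/Dec/2020:10:00:02 +0000] "GET /my-hidden-login HTTP/1.1" 200 4096 "-" "bot"',
    '203.0.113.7 - - [01/Dec/2020:10:00:03 +0000] "POST /my-hidden-login HTTP/1.1" 200 4100 "-" "bot"',
    '203.0.113.7 - - [01/Dec/2020:10:00:04 +0000] "POST /my-hidden-login HTTP/1.1" 200 4100 "-" "bot"',
    '198.51.100.9 - - [01/Dec/2020:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "bot"',
    '192.0.2.44 - - [01/Dec/2020:11:00:00 +0000] "POST /my-hidden-login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def summarise(lines, hidden_login=HIDDEN_LOGIN):
    """Per-IP counts: 404 probes of wp-login.php, GETs and failed POSTs on the renamed login."""
    stats = defaultdict(lambda: {"probe_404": 0, "hidden_get": 0, "failed_post": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        s = stats[m["ip"]]
        if path == DEFAULT_LOGIN and m["status"] == "404":
            s["probe_404"] += 1
        elif path.rstrip("/") == hidden_login:
            if m["method"] == "POST" and m["status"] == "200":
                s["failed_post"] += 1  # 200 on a login POST = form re-shown (assumed failure)
            elif m["method"] == "GET":
                s["hidden_get"] += 1
    return dict(stats)

def found_hidden_login(stats, max_failed=1):
    """IPs that probed the missing default login and also exceeded max_failed failed POSTs."""
    return sorted(ip for ip, s in stats.items()
                  if s["probe_404"] and s["failed_post"] > max_failed)

if __name__ == "__main__":
    for ip in found_hidden_login(summarise(SAMPLE)):
        print("candidate for blocking:", ip)
```

The `max_failed=1` default mirrors the one-failed-attempt limit mentioned above; the check does not look at the order of requests, only that both kinds appear for the same IP.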

So I started searching for a solution (out of the WordPress Box), and came across Shield Security, the free version does deter the Bots to a degree, and does indeed keep a few at bay, but it’s not until you pay for a subscription and get the Pro version, that you then really see a difference.

Especially after employing the paid options that turn on:-
Login Bots,
Probing Bots, and
Bot Behaviors, ..

With all of them ON and Immediately Block, or at least using the double offence counter, then the Bots aren’t even getting a chance to get near my site, especially the empty minded probing Botties, the (follow me tick box) is a simply wonderful Bot trap btw.

From 50 lockouts to ZERO, and in one day: the failing Bot drop-off graphs and the IP lockouts above prove that the Hackers aren’t even getting near my login core files anymore.

I have to say, that it was a most amazing feeling of finally being back in control again.

Cons, ..
1.) The dashboard is very slow to refresh: (very!)
2.) It’s as complicated as hell to navigate, with a bewildering array of options.
2a.) But just focus on the (IP Blocking menu) and then the (Login Bots) sub menus if excess hackers are trying to get in, and is your main issue.
3.) Not sure if this is a con or a plus, but you have to get a [V2] reCaptcha license from Google, as [V3] (Doesn’t work? Isn’t supported?) Dunno!

** I already have [V3], and applying for another one was kinda surreal, but Google granted me another one no worries, and after copying the two strings into the Plugin input boxes — I now had a [I’m Human] tick box on my login form: I just hope that the rest of the Plugins that do use [V3] don’t kick off.

4.) The subscription is yearly, but at 30:00 (it’s not that expensive), nevertheless: it’s a subscription, and they bug me!

Pros, ..
1.) You can try out the Pro version for free.
2.) Without installing another Plugin, you can rename your login file from wp-login.php to whatever, thusly thwarting the hackers even further.

** But as noted above, doing this seems to make the roving Bots even more feral in nature, more aggressive once a hidden login 404 200 result is found.

2a.) Note of worth: the 404 missing file login messages sometimes aren’t even shown by the WordPress core 404 page, but are presented as a server side-error: which to my way of thinking is amazing, and btw — it’s only the missing login file that does it.

Epilogue: So, .. apart from £30:00 a year, then what do you have to lose?

Well for a start, all those annoying pesky bloomin Hacker Bots, this plugin really does kick them all to touch.

From that undeniable fact of free Bot space hanging in the air, then I have to say that I can heartily recommend this plugin, even though I do have to begrudgingly pay the yearly subscription costs that come with it, .. (But it is worth it.)

Re-edit: 27/04/2021 (Was worth it!)

 

Thanks for reading, Jessica: Praise be the ORI.

 
