Showing posts with label security. Show all posts

Thursday, 05 December 2013

Wordpress Security Question (Utilities)





A Product by Flipper Code


WordPress Security Question is a WordPress plugin that adds a security question to the registration form. The plugin needs zero configuration and starts working with a single click. If you use a security question as a way of regaining access to an account when a user loses their password, this plugin is a perfect fit for you.


For any help, feature requests or to report a bug, you may contact me anytime. Please also rate this item according to your experience with it.


Why this Plugin?




If you search Google for “hack wordpress”, “wordpress hack” or similar phrases, you will find that most of the time hackers reset the password using SQL injection. For more information on how a website is hacked using SQL injection, read this article written by me. With this plugin, it is not possible to reset your password without knowing your security answer.



Setup Your Questions using Backend



Once you have installed this plugin, a new dropdown for the question and answer is integrated into your WordPress registration page.


Setup Security Question for Registration Page



Display Security Question on Registration



After you set up the questions, a new drop-down box is displayed on the registration page automatically.


Display Security Question on Registration Page



Ask Security Question on Forgot Password



To retrieve a lost password, the user needs to answer the security question they answered before.


Ask Security Question on Forgot Password Page


You’re Done!



Please feel free to ask if you have any question.

5sec Google Authenticator 2-Step Login Protection (Utilities)





Add bank-grade security powered by Google to your site

Each login requires a new, unique, time restrained OTP (one time password) your phone generates. Even if someone knows your password they won’t be able to login. If someone tricks you into clicking “remember password” on an unsafe computer – it won’t matter! If someone steals an old OTP – even that won’t matter because they’re valid for only 2 minutes!




Forgot to log out? No worries!

The auto log out feature protects your account by automatically logging you out after a preset amount of time. You won’t leave the page as the log in form will be opened in a lightbox. After you enter a new OTP you’ll still be on that page and continue doing work.




Brute-force attacks got you pinned down? We have your back!

Built-in IP based brute-force protection ensures ease of mind even in the worst scenarios when you’re attacked by thousands of bots. Fine tuning of the ban rules allows you to ban them from logging in or even from accessing the whole site. Don’t worry, you can easily whitelist your own IP so you don’t lock yourself out.




Features



  • two step login process adds extra protection to your site

  • no extra SMS charges or anything similar

  • nobody can hack you even if they know your password

  • nobody can login to your account without your phone and a freshly generated OTP

  • per-user option for enabling/disabling two step authentication

  • protect your site from users who love to click “remember my password”

  • auto log-out feature to ensure nobody uses the admin after you do

  • complete brute-force attack protection with 5 options to fine tune ban rules

  • IP whitelist option for brute-force protection

  • mobile apps available for iPhone, iPad, Android & BlackBerry

  • if your phone dies or gets lost there’s a secret URL (uniquely generated for each site) you can use to login with only username & password

  • QR codes are automatically sent to new users; or you can always email them later via the users screen (as many users as needed can be emailed at once)

  • translation ready

  • famous 5sec concept for easy setup & usage

  • easy-to-use native WordPress GUI

  • professional & fast support

  • detailed documentation and in-line help on every step

  • more details, info & help



Changelog



v1.15 - October 13th 2013
* added per-user option to enable/disable two step authentication
* fixed a few bugs

v1.1 - October 9th 2013
* added whitelist IP option to brute-force module
* added mass email option on users screen so that QR codes can be sent to existing users
* fixed a few bugs

v1.0 - October 5th 2013
* initial release


 


Is it WordPress?

WooCommerce Minimize Fraud Plugin (WooCommerce)

WooCommerce Minimize Fraud Plugin



eMinFraud allows you to minimize online fraud on your WordPress + WooCommerce powered website.



eMinFraud integrates with the MaxMind API; a MaxMind license key is required.



The minFraud service from MaxMind reduces chargebacks by identifying risky orders to be held for further review. The minFraud service is used to identify fraud in online e-commerce transactions.



With MaxMind Telephone Verification services, verification through the telephone is automated thus saving you time and money without giving up protection. The telephone verification ensures that your customers provide you with a working, traceable telephone number. As a result, fraudsters are less likely to target your business.





Features



  • Enable / Disable MaxMind minFraud.

  • Enable / Disable MaxMind Phone Verification.

  • Enable / Disable MaxMind Phone Identification.

  • Enable / Disable MaxMind credit card verification, used to verify that the customer is in possession of the credit card.

  • Define the maximum minFraud riskScore. Any new customer order with a riskScore above the maximum will be set to “on-hold” automatically.

  • Define Phone Verification code length.

  • Define Phone Types allowed for verification.

  • riskScore point for each order displayed in WooCommerce orders panel.

  • minFraud data displayed in each WooCommerce order detail panel for further review.

  • Customers who order again using an already verified phone number do not need to verify it again. Changing the phone number requires the customer to verify the new one.

  • .pot file available for translation.

  • Clean source codes.

  • OOP and commented properly.



Update / Changelogs:


v.1.1.1

  • Fixing riskScore checking.


v.1.1.0

  • Include credit card verification to MaxMind minFraud.

  • Fixing minor issue.



Demo


Currently no demo available, because MaxMind license key is required, but you can see all the screenshots available above.

The FAQ page is the first place you should check for any questions regarding this item.



Requirements



  • PHP >= 5.3.7

Wednesday, 04 December 2013

PHP DosDetector Class (Add-ons)

PHP DosDetector Class Documentation



Version: 1.1


Release: June 2013


Keyword: security, php, class, firewall, DoS Attack, IDS/IPS





1. What is this class?


This PHP class is used to prevent Denial of Service (DoS) attacks on your PHP-based web server. When it runs, it monitors all requests from each IP address and logs them in a memory cache (PHP APC caching). If an IP address sends too many requests to your server, it triggers the Intrusion Prevention System (IPS) and auto-bans that IP address.





2. System Requirement








3. Installation


- First, copy the class.dosdetector.php file into your project, for example into the ./classes/ directory.


- Next, include the class.dosdetector.php file.


- Now, just create an object from this class and call the run method before the first line of your project (usually in the bootstrap, start-up or index file) to start monitoring. You can pass a URL to the run method, in which case banned IPs will be redirected to that URL. If you do not pass this parameter, banned IPs will see a default message on screen.


- Example code:



<?php
// Put this at the beginning of every page
include_once('./classes/class.dosdetector.php');
$myDosDetector = new DosDetector();

// Default run
$myDosDetector->run();

// Default run with a custom landing page for banned IP access
//$myDosDetector->run('http://url/to/your/landing/page');

//////////////////////////////
// YOUR SITE SOURCE CODE HERE
//....






4. Editable Properties & Constants



  • $ignoreIpAddress: IP addresses in this array will be ignored by this detector. Usually your company IP…

  • PHPIDS_QUOTA_IDS_TRIGGER: if an IP address sends more requests than this value within one second, the idsWorker() method in this class is triggered. You can implement your own code in this function (line 161 in class.dosdetector.php) to get the notification.

  • PHPIDS_DURATION_IPS_TRIGGER: the number of seconds to check for the IPS (auto-banning) trigger.

  • PHPIDS_QUOTA_IPS_TRIGGER: if the same IP sends more requests than this value within PHPIDS_DURATION_IPS_TRIGGER seconds, it will be auto-banned by the system.
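
How the ignore list and the three thresholds above interact can be shown with a small sketch. This is an added example, not code from class.dosdetector.php: the class name RateGate, the threshold values and the in-memory array standing in for the APC cache are assumptions, and it needs PHP 8.0 or later.

```php
<?php
// Added illustration; not taken from class.dosdetector.php. Values are assumed.
const PHPIDS_QUOTA_IDS_TRIGGER    = 5;   // requests per second before the IDS hook fires
const PHPIDS_DURATION_IPS_TRIGGER = 10;  // length of the auto-ban window in seconds
const PHPIDS_QUOTA_IPS_TRIGGER    = 20;  // requests per ban window before auto-ban

final class RateGate  // hypothetical name
{
    private array $counters = [];  // stand-in for the APC cache (no TTL here)
    private array $banned = [];    // ip => true, kept until cleared by hand
    public array $alerts = [];     // what an idsWorker()-style hook would receive

    public function __construct(private array $ignoreIps = []) {}

    /** Classify one request as 'ignored', 'banned', 'alert' or 'ok'. */
    public function check(string $ip, int $now): string
    {
        if (in_array($ip, $this->ignoreIps, true)) {
            return 'ignored';
        }
        if (isset($this->banned[$ip])) {
            return 'banned';
        }
        // Fixed windows: the key embeds the window index, so a new window starts at zero.
        $perSecond = $this->bump("ids|$ip|$now");
        $perWindow = $this->bump("ips|$ip|" . intdiv($now, PHPIDS_DURATION_IPS_TRIGGER));
        if ($perWindow > PHPIDS_QUOTA_IPS_TRIGGER) {
            $this->banned[$ip] = true;
            return 'banned';
        }
        if ($perSecond > PHPIDS_QUOTA_IDS_TRIGGER) {
            $this->alerts[] = ['ip' => $ip, 'time' => $now, 'count' => $perSecond];
            return 'alert';
        }
        return 'ok';
    }

    private function bump(string $key): int
    {
        return $this->counters[$key] = ($this->counters[$key] ?? 0) + 1;
    }
}

// Constructed traffic: one client sends 25 requests, 10 per second; one is allow-listed.
$gate = new RateGate(['198.51.100.1']);
$seen = [$gate->check('198.51.100.1', 1000)];
for ($i = 0; $i < 25; $i++) {
    $seen[] = $gate->check('203.0.113.7', 1000 + intdiv($i, 10));
}
echo json_encode(array_count_values($seen)), PHP_EOL;
```

Because the windows are fixed, a burst that straddles a window boundary can reach close to twice the quota before the ban fires, and a real cache would also expire old counters.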




5. Monitoring


- This package comes with a standalone script to monitor the traffic (logged by the DosDetector class). You can put this script anywhere on your web server (with PHP read permission) and open it in a browser to access the monitoring tool. Example: http://yoursite.com/monitor.php.


- This page shows all the requests (with IP address, time, User-Agent, cookie status, request URI, referer URL) logged by DosDetector. Logged accesses are cached for 2 hours for performance.


- This page also shows the banned IP addresses (auto-banned or manually banned). You can manually ban an IP address if you see that it sends too many requests and shows unusual access patterns. Banned IP addresses are not cleared automatically; the ban list is cleared only by you or by clearing the APC cache.


- You can see whether a request carries a cookie or not, because a request without a cookie usually comes from a search engine robot (Googlebot, ...) or an automated script crawling/flooding your website.






Thank you!

SafeGuard - Protect your website from threats (Miscellaneous)








SafeGuard


With SafeGuard you can protect your website from many threats.

If you want, you can also log these threats and review them in the admin panel.


You can redirect blocked threats to a custom page, for example an access-denied page.

Protection against



  • Proxies

  • VPNs

  • Spammers

  • DDoS (Mass requests)

  • SQL Injections



Other features



  • Admin panel

  • Enable logging for the desired threats

  • Redirect blocked threats to a custom page

  • Very easy to use

  • Well documented



Changelog


v.1.01 – 14.11.2013
v.1.00 – 13.11.2013