QuestionGD Security Toolbox Pro

This topic contains 14 replies, has 2 voices, and was last updated by  MillaN 2 weeks, 1 day ago.

  • Creator
    Topic
  • #57296

    juliaabraham
    Participant

    Hi,

    Re-sale question

    1) Can i have 2 difference API recaptcha?
    I would like URL admin login API recaptcha with hieght security
    Normal bbpress forum, buddypress… i would like to create API with easiest for user logged easy to use

    2) Ban user used .htaccess ? or only php code. Beacuse most plugin used .htaccess, i would like to use php file for better

    3) What is detail that registrator security can do?
    Example:
    –Can limited user create user account with any ralated text “web” ==> So any user account have the word “web” will alert as this user account has been created (Fake, actually don’t allow”
    — Can limited username only + – _ and not allow use space in username
    — Can force user login by username only?
    — Can blacklist domain , which is not allow create account. Example: email@my-web.com, email@rocky.com
    — Can limited name charactor, example longest is 20 word

    Thanks

Viewing 14 replies - 1 through 14 (of 14 total)
  • Author
    Replies
  • #57298

    MillaN
    Keymaster

    Hi,

    1. reCaptcha is what it is, it can’t have higher and lower security. Read more on official Google reCaptcha website to learn more.

    2. You can ban IP’s. By default, it will use .htaccess because it improves the performance of the website when IP access is stopped via .htaccess, WordPress is not loaded. But, you can disable that, so IP ban will be done by WordPress.

    3a. You can blacklist one or more words from use in the username when registering an account.
    3b. There is no option to remove empty space from the username.
    3c. There is no option to force username for login.
    3d. Yes, you can blacklist domains for use for registration emails.
    3e. There is no option to limit the length of the username.

    Regards,
    Milan

    Dev4Press - Premium plugins for WordPress.

    #57299

    juliaabraham
    Participant

    1) Yes i know
    i want to create 2 project in reCaptcha
    Project 1: Use for admin login URL wp-login, wp-registrator
    Project 2: Use for normal login
    Question: reCaptcha even i created lowest security, but why it don’t work just click then done. In my test with another plugin always pop-up the choose picture. If i’m client for this plugin, can you guide me . OR defaul lowest reCaptcha always come with pop-up choose picture?

    2) Do you mean the plugin have 2 option blacklist? Bán IP by .htaccess or wordpress is options in plugin?

    3) 3c & 3e, can you please update?

    Thanks

    #57300

    MillaN
    Keymaster

    Hi,

    1. reCaptcha module can protect various things, but you can’t control anything about it. reCaptcha determines on its own if it needs to show picture selection popup or not, you can’t control that at all. And any other plugin that adds reCaptcha, also can’t control that.

    2. You have centralized IP ban, and you can choose to use .htaccess for that or not.

    3. It is possible to add 3b and 3c, but I don’t plan to add 3e for now.

    Milan

    Dev4Press - Premium plugins for WordPress.

    #57301

    juliaabraham
    Participant

    1) if it needs to show picture selection popup or not. ==> Do you mean that i can simple reCaptcha by 1 “stick checked” done. No need choose picture match in reCaptcha?

    2) 3D is defaul wordpress, sorry my bad with fast question. Please check to be sure
    3C nice
    3E what happen if user only create login with 4 charactor or long as 50 charactor then? Can you consider about this?

    #57302

    MillaN
    Keymaster

    1. reCaptcha decides on its own if it needs to show popup or not. That means that reCaptcha server decides, not my plugin. My plugin just includes and validates reCaptcha code, the whole logic is on Google reCaptcha side, and it can’t be controlled.

    3d. is only part of WordPress Multisite, and it is not easy to control (domain registration ban).
    3e. I will consider adding this, in one of the future versions.

    Dev4Press - Premium plugins for WordPress.

    #57303

    juliaabraham
    Participant

    Hi,

    1) I don’t know how to get reCaptcha setting in google for only “check” without pop-up image choose. Can you create article for this setting in document guide?

    3C/3D/3EPlease check out this plugin for check how they coded
    https://wordpress.org/plugins/restrict-usernames-emails-characters/

    #57304

    MillaN
    Keymaster

    You can’t control reCaptcha! Most of the times it will display checkbox, but sometimes shows the popup, there is no way to change that, it is how Google made it, it is the core of its logic. It uses cookies and IP to determine if you are a bot or not, and it will show popup if it needs confirmation. There is no way to control that, don’t waste time trying.

    Dev4Press - Premium plugins for WordPress.

    #57305

    juliaabraham
    Participant

    Ok thank for explain. Waiting for your update about 3 . Good day!

    #57306

    juliaabraham
    Participant

    Hi please give me demo of 2 of bellow plugin. In request demo i can not find option for security toolbox

    https://plugins.dev4press.com/gd-security-toolbox/
    https://plugins.dev4press.com/gd-press-tools/features/events-log/

    Question: gd-security-toolbox. Is it also track:
    +Bad bot, bad user-agent
    +Crawel
    +Here is just question if inclued PHP IDS in the Internet – https://en.m.wikipedia.org/wiki/PHPIDS, because my plugin inclued this function afraid conflict.

    Thanks

    #57307

    MillaN
    Keymaster

    Hi,

    The demo website is a multisite network, and both GD Security Toolbox Pro and GD Press Tools Pro are network level plugins and only super admins can use them, but I can’t give you super admin access to the network. That is why Security plugin is not on the list for testing. And for GD Press Tools Pro test includes only some feature that is not on the network level.

    1. There is no reliable way to track if the visitor is a ‘bad bot’ or ‘crawler’. Any client can spoof user agent and hide its purpose, so having complicated filters is contra productive and problematic. My plugin can use ProjectHoneypot database to get verified and valid information about malicious clients, and I find it better than user agent tracking.
    2. PHPIDS is outdated software that should not be used at all. I have no experience using it, so I can’t say if there are any conflicts with my plugins.

    I will prepare the separate demo for security plugin, and will email you access by the end of the week (as soon as I have some time to do it).

    Milan

    Dev4Press - Premium plugins for WordPress.

    #57315

    juliaabraham
    Participant

    Ok thank please give me both of this plugin demo when you are ready. Thanks

    #57384

    MillaN
    Keymaster

    I have sent you an email with special demo login.

    Milan

    Dev4Press - Premium plugins for WordPress.

    #57385

    juliaabraham
    Participant

    Thank you, checking on it.

    Why don’t you isstall all plugin in 1 web demo . And use plugin allow access admin all time with demo/pass:demo for easier who need to check your plugin. Sorry i forget plugin name, please search for it. If you needed, Just my suggestion.

    #57387

    MillaN
    Keymaster

    I have demo setup for all plugins, but the GD Security Toolbox Pro and GD Press Tools Pro can’t be tested there. If you want to test these two plugins, use the demo login I have sent. For all other plugins, I can create a centralized demo.

    Dev4Press - Premium plugins for WordPress.

Viewing 14 replies - 1 through 14 (of 14 total)

You must be logged in to reply to this topic.