I was wondering if someone could fork the plugin Brute Force Login Protection
This is only a tiny plugin with one php file that probably needs to be changed, and would be an ideal candidate to showcase the new Security page in the admin panel of CP v1.1.0
The plugin still works with this version, even though it hasn’t been updated for 2 years and I use it on all my sites. It is a last-resort backstop that catches people trying to guess the login details, when all my other plugins missed it. It even catches people trying to get in via the back door, and not the actual login form.
I particularly like it because it permanently blocks the IP address in .htaccess ( I set it to 3 attempts) and sends me an email letting me know.
I read the information for developers using the Security page, but don’t feel confident enough to try modifying it myself.
If someone could fork it, then I can write a post at ClassicPress.club with screen shots of how it is displayed in the admin panel.
I think it would help to have an example plugin, especially a small but useful one such as this.
Done, but just as an exercise.
I’ve not much time now, but if you like, there are some things to do, like:
- rename the plugin in readme, translations…
- plugin is still searching for updates on wp.org, so I’ve just bumped version
- correctly credits the original author and say in a good english something about the fork
- check newer PHP compatibility
- chech CP <1.1.0 compatibility
If you want to contribute you are welcome!
And if you want (and I’d like to very much) I can transfer to you the ownership of the repo.
What I’ve done actually:
- Pushed 2 PR:
- one fixed compatibility for Apache 2.4
- one added some good styling and pt_BR language
- corrected a bug when PHP is compiled out of apache
- of course moved to Security menu when it’s available
I think at this time is really not ready for that
Thanks for that!
It’s midnight here, but I’ll test it tomorrow. I wouldn’t know how to do anything with the coding side of things, so no point in me owning the repo.
Maybe @Code_Potent would like to add it to his collection?
The plugin did not work. It was in the list of installed plugins, and showing as active, but could not be accessed from Settings (or anywhere else) in the admin panel, and nothing showed under Security.
The .htaccess file did show the code block ready for blocked IP’s.
I was then unable to activate the original plugin by uploading it. There was a “format error” message. It installed and activated okay by downloading it from the plugin page though.
Hope that helps you.
For what it’s worth, I see the original GitHub page is showing the structure for a development version. It contains files that are not present in the actual v1.5.3 plugin zip file.
I also notice under “Issues” that this plugin only works with Apache and not Nginx, so maybe it’s not a good plugin to use as an example.
I’m in the middle of a blackout ! To what user do you want to be passed?
Nginx doesn’t support htaccess (that seems to be evil for speed ).
Many configurations use Nginx only as proxy, so htaccess is parsed.
I’ve installed on a production site and it works, it displays correctly in the security page.
No, no warnings or error log entries. It just seemed to be invisible to the admin panel.
I did notice the screen went blank when activating the plugin, with no details showing what was in progress, as you usually get.
One of life’s many mysteries.
Maybe something remained in the database when I uninstalled the original plugin. You wouldn’t have had that problem. I might try again and do a search of the records before installing your version.
I just installed on a test site and I’m not seeing anything in the security area. Can’t see anywhere at all to access settings.
@Aussie, @ozfiddler : what’s the name of the folder of the plugin?
This is ok, because if there is a Security page the original settings are not displayed.
I think I may see the problem.
Looking at the GitHub page files and those on my website, there are significant differences. I downloaded the zip file from the “Clone or Download” dropdown. I think I should have downloaded v1.5.2 from the “Releases” page, even though it’s dated 2015. That file is actually your new one and not the original v1.5.2 one.
That is not clear to someone who doesn’t understand GitHub.
I’ve just had a quick play. The plugin folder must be
CP-Brute-Force-Login-Protection, the same as the menu slug. Seems to work fine…for me at least.
Yes, this could be the problem if the folder name is
CP-Brute-Force-Login-Protection-develop as if you download the ZIP from GitHub.
Okay, I finally got it to work before my server crashed on me. I downloaded the version from “Clone or Download” and renamed the folder before activating the plugin.
It showed under “Security” and I could configure it.
So why is the folder not correctly named initially?
I think this is the correct way GitHub works… Working with wp-cli automatically corrects this.
Plugins should not be dependent on their folder name.
I unzipped it, renamed the folder and zipped up again.
But the plugin slug is the name of the dir, and
add_security_page() is looking at this.
$menu_slug something like
dirname(__FILE__) instead of hardcoding it could be a workaround. What do you think about it?