Security: Add Google reCAPTCHA v2 to login and lost password forms
@@ -48,8 +48,37 @@ location ~ /wp-content/(?<path>.+)\.(?<ext>jpe?g|png|gif|webp)$ {
The plugin stores converted WebP files in `/wp-content/uploads-webpc/` mirroring the structure of `/wp-content/uploads/`.
## WordPress Plugins (Security)
| Plugin | Version | Purpose |
|--------|---------|---------|
| All In One WP Security | 5.4.4 | Login protection, basic firewall, user enumeration blocking |
### AIOS Configuration Summary
**Login Protection:**
- Max login attempts: 10
- Retry time period: 5 minutes
- Lockout length: 30 minutes (max 60)
- Instant lockout usernames: admin, administrator, test
- Generic login error messages: enabled
- Email notifications: enabled
- Login honeypot: enabled
**Hardening:**
- File editing disabled
- WP generator meta removed
- Default WP file access prevented
- User enumeration blocked
- Unauthorized REST API blocked
- Clickjacking protection enabled
- Directory indexing disabled
**Note:** Many features (5G/6G firewall, IP blacklisting, advanced brute force) are intentionally disabled as Sucuri WAF will handle these at the edge.
## Notes
- No external APIs or services are used for image processing
- All image conversion happens locally on the server
- WordPress core handles thumbnail generation for all registered image sizes
- Security hardening complements (not duplicates) Sucuri WAF features
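Review bot: The commit title announces reCAPTCHA v2 on the login and lost password forms, but the Login Protection list in this hunk never mentions it. Add a bullet there stating which forms it covers and where the site and secret keys are configured, so the summary matches the change. The Note says Sucuri WAF "will handle" the disabled 5G/6G firewall, IP blacklisting and advanced brute force features; state whether the WAF is already active, because until it is, the lockout thresholds and the honeypot are the only brute-force controls this summary lists. The Notes bullet "No external APIs or services are used for image processing" is also worth rewording, since reCAPTCHA is an external service and a reader may take that bullet as describing the whole site.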