'tab_general', 'class' => 'tab-content', 'label' => __('General', 'advanced-google-recaptcha'), 'callback' => array(__CLASS__, 'tab_general')); $tabs[] = array('id' => 'tab_2fa', 'class' => 'tab-content', 'label' => __('2FA', 'advanced-google-recaptcha'), 'callback' => array(__CLASS__, 'tab_2fa')); $tabs[] = array('id' => 'tab_cloud_protection', 'class' => 'tab-content', 'label' => __('Cloud Protection', 'advanced-google-recaptcha'), 'callback' => array(__CLASS__, 'tab_cloud_protection')); echo '
'; echo ''; foreach ($tabs as $tab) { if (is_callable($tab['callback'])) { echo ''; } } // foreach echo '
'; // second level of tabs } // display static function tab_general() { $options = WPCaptcha_Setup::get_options(); echo '

Securing your WordPress website is vital for maintaining the security and privacy of its users. By protecting against the types of attacks below, website owners can ensure that their users receive legitimate content without being exposed to harmful or malicious data.

A secure WordPress website promotes a safe browsing experience for users, fostering trust in the site\'s content and services. Additionally, mitigating these risks helps website owners avoid potential legal issues and financial losses associated with security breaches. It also protects the website\'s reputation, ensuring that users continue to rely on the site as a trustworthy source of information and services.

'; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_block_bots', array('saved_value' => $options['firewall_block_bots'], 'option_key' => esc_attr(WPCAPTCHA_OPTIONS_KEY) . '[firewall_block_bots]'), true, 'firewall_rule_toggle'); echo '
Blocking bad bots on a WordPress site refers to the process of identifying and preventing malicious automated software programs, known as "bots," from accessing, crawling, or interacting with the website. Bad bots are typically used by attackers to perform various malicious activities, such as content scraping, spamming, DDoS attacks, vulnerability scanning, or brute-force attacks to gain unauthorized access to the site.'; echo '
'; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_directory_traversal', array('saved_value' => $options['firewall_directory_traversal'], 'option_key' => esc_attr(WPCAPTCHA_OPTIONS_KEY) . '[firewall_directory_traversal]'), true, 'firewall_rule_toggle'); echo '
'; echo 'Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to access files on the server that they should not be able to reach, by passing file paths that attempt to traverse the normal directory structure using the parent folder path.'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_http_response_splitting', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will be interpreted by the client. Protecting against HTTP Response Splitting on a WordPress website is crucial to maintain its security and the privacy of its users. By preventing this vulnerability, website owners can reduce the risk of attackers stealing sensitive information, compromising user accounts, or damaging the website\'s reputation. '; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_xss', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'Cross-Site Scripting (XSS) is a type of web application vulnerability that allows an attacker to inject malicious scripts into web pages viewed by other users. This occurs when a web application does not properly validate or sanitize user input and includes it in the rendered HTML output. There are three main types of XSS: stored, reflected, and DOM-based.
In stored XSS, the malicious script is saved in the target server (e.g., in a database), while in reflected XSS, the malicious script is part of the user\'s request and reflected back in the response. DOM-based XSS occurs when the vulnerability is in the client-side JavaScript code, allowing the attacker to manipulate the Document Object Model (DOM) directly. This option only protects against reflected/request type XSS attacks. You should still be careful about what plugins you install and make sure they are secure.
'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_cache_poisoning', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'Cache Poisoning is a type of cyberattack where an attacker manipulates the cache data of web applications, content delivery networks (CDNs), or DNS resolvers to serve malicious content to unsuspecting users. The attacker exploits vulnerabilities or misconfigurations in caching mechanisms to insert malicious data into the cache, effectively "poisoning" it. When a user makes a request, the compromised cache serves the malicious content instead of the legitimate content. This can lead to various harmful consequences, such as redirecting users to phishing sites, spreading malware, or stealing sensitive information.'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_dual_header', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'Dual-Header Exploits, also known as HTTP Header Injection, is a type of web application vulnerability that involves manipulating HTTP headers to execute malicious actions or inject malicious content. Similar to HTTP Response Splitting, an attacker exploits this vulnerability by injecting newline characters (CRLF - carriage return and line feed) or other special characters into user input. This allows the attacker to create or modify HTTP headers, which can lead to various harmful consequences. For instance, an attacker can set cookies, redirect users to malicious websites, or perform cross-site scripting (XSS) attacks.'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_sql_injection', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'SQL/PHP/Code Injection is a type of web application vulnerability where an attacker inserts malicious code or commands into a web application, typically by exploiting insufficient input validation or sanitization. This allows the attacker to execute unauthorized actions, such as extracting sensitive information from databases, modifying data, or gaining unauthorized access to the system.'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_file_injection', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'File Injection/Inclusion is a type of web application vulnerability where an attacker exploits insufficient validation or sanitization of user input to include or inject malicious files into a web application. There are two main types of File Injection/Inclusion vulnerabilities: Local File Inclusion (LFI) and Remote File Inclusion (RFI). This can lead to unauthorized access to sensitive files, source code disclosure, or even the execution of server-side scripts if the application processes the included file. If the application is manipulated to process a remote file, the attacker\'s code is executed, potentially granting unauthorized access, control over the server, or the ability to perform various malicious actions.'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_null_byte_injection', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'Null Byte Injection is a type of web application vulnerability that exploits the way certain programming languages, such as C and PHP, handle null characters. The null character serves as a string terminator in these languages, signaling the end of a string. An attacker can use a null byte to manipulate user input or file paths, causing the application to truncate the string after the null character. This can lead to unexpected behaviors, such as bypassing input validation or accessing sensitive files.'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('firewall_php_info', array('saved_value' => 0, 'option_key' => ''), true, 'firewall_rule_toggle'); echo '
'; echo 'PHP information leakage refers to the unintended exposure of sensitive information about the PHP environment, configurations, or code running on a WordPress website. This information can be valuable for attackers, as it may reveal potential vulnerabilities, system details, or other information that could be exploited to compromise the site.'; echo '
'; WPCaptcha_admin::footer_save_button(); echo '
'; } static function tab_2fa() { echo '
'; echo ''; echo ''; echo ''; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('2fa_email', array('saved_value' => 0, 'option_key' => '')); echo '
'; echo 'After the correct username & password are entered the user will receive an email with a one-time link to confirm the login.
In case somebody steals the username & password they still won\'t be able to log in without access to the account email.
'; echo '
'; echo '

Save Changes

'; echo '
'; echo '
'; } // display static function tab_cloud_protection() { echo '
'; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('cloud_use_account_lists', array('saved_value' => 0, 'option_key' => '')); echo '
'; echo 'These lists are private and available only to your sites. Configure them in the WP Captcha Dashboard'; echo '
PRO '; echo '
'; WPCaptcha_Utility::create_toggle_switch('cloud_use_blacklist', array('saved_value' => 0, 'option_key' => '')); echo '
'; echo 'A list of bad IPs maintained daily by WebFactory, and based on real-time malicious activity observed on thousands of websites. IPs found on this list are truly bad and should not have access to your site.'; echo '
PRO '; echo ''; echo ''; echo 'Completely block website access for IPs on cloud blacklist, or just block access to the login page.'; echo '
PRO '; echo 'Message displayed to visitors blocked based on cloud lists. Default: We\'re sorry, but access from your IP is not allowed.'; echo '
PRO '; echo 'The Cloud Protection Whitelist can only be edited in the WP Captcha Dashboard'; echo '
PRO '; echo 'The Cloud Protection Blacklist can only be edited in the WP Captcha Dashboard'; echo '
'; echo '

Save Changes

'; echo '
'; echo '
'; } // display } // class WPCaptcha_Tab_Firewall
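
The rule descriptions above for directory traversal, null byte injection and CRLF header injection all come down to inspecting request values after decoding. The block below is an added example of that inspection, not code from the plugin; the function names, rule labels and sample parameter values are hypothetical and constructed for illustration.

```php
<?php
// Added example: not the plugin's code. All names here are hypothetical.

// Decode repeatedly so double-encoded input (%252e%252e%252f) is inspected
// in the form the application would eventually see.
function example_fw_normalize(string $value, int $max_rounds = 3): string
{
    for ($i = 0; $i < $max_rounds; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    // Treat backslashes as separators so "..\" is caught as well.
    return str_replace('\\', '/', $value);
}

// Return the labels of the rules that one parameter value trips.
function example_fw_inspect(string $value): array
{
    $v = example_fw_normalize($value);
    $hits = array();
    if (preg_match('#(^|/)\.\.(/|$)#', $v)) {
        $hits[] = 'directory_traversal';
    }
    if (strpos($v, "\0") !== false) {
        $hits[] = 'null_byte';
    }
    if (preg_match('/[\r\n]/', $v)) {
        $hits[] = 'crlf_header_injection';
    }
    return $hits;
}

// Constructed sample parameter values as they might appear in a raw query string.
$params = array(
    'style' => 'themes/a/style.css',
    'file1' => '..%2f..%2fwp-config.php',
    'file2' => '%252e%252e%252fwp-config.php',
    'page'  => 'report.pdf%00.php',
    'to'    => 'home%0d%0aSet-Cookie:%20x=1',
);
foreach ($params as $name => $value) {
    $hits = example_fw_inspect($value);
    echo $name, ': ', $hits ? implode(', ', $hits) : 'clean', "\n";
}
```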