In my ongoing attempts to improve the security of WordPress and to clarify the brute-force threat, I have isolated the code for my login patch into an include file and added some notes to explain why the wp-login.php file comes up as a vulnerability.
I have also downgraded the severity of this threat and changed it to an "opt-in" fix instead of being marked in red and default checked for automatic repair. This is partly because I have perceived an ebbing of the brute-force attacks on WordPress sites that spiked a couple of months ago, but also because a moderator on wordpress.org suggested that I should not be modifying WordPress core files.
I will also be taking the "Dave" and other references from the movie 2001: A Space Odyssey out of the login patch because some people (not named Dave) didn't see the humor in it and I don't want to upset anyone.
Comments and suggestions are always welcome.
Today is the official one-year anniversary of the first release of this plugin on the WordPress Plugin Repository. I feel really positive about how far this plugin has come in the last year. I am also very proud of how many people that my plugin has helped. I've got a lot of plans for improving this plugin so I want to thank those who have made a donation and ask all those who have not yet donated to contribute now. Donations to this project support me making time to work on it and make it better. So don't just use it, support it!Aloha,
I just released an update that makes the file view easier to use and the Fix Threats process much faster. I also added back the feature to revert your changes if the Automatic Fix ended up breaking your site. There were also a few other minor bug fixes and error handling improvements.
Stay tuned for more improvements and new features coming soon.Aloha,
I just released my new Anti-Malware plugin for WordPress. It is still in BETA but I think it will be very helpful in removing malicious scripts and patching security vulnerabilities.
Please feel free to leave feedback and donations are always appreciated.
I made my PHP scripts into a WordPress plugin and installed it on a couple of different servers to test it. Over the next few weeks I will be testing, refining, and improving the plugin to get it ready for release to the WordPress community. Anyone interested in testing it on their WordPress site should contact me and I will set you up with a pre-release version.