Tag: hack

Tartarus Bot Ban & Crawl Keep watch over Plugin for WordPress (Miscellaneous)

Purchase $14.00

What is this plugin about?

– Do you want to know exactly what bots have accessed your website, when and how many times?
– Do you want to automatically ban bots that do not follow your robots.txt file directives (trust me, there are a lot of this kind)?
– Do you want to automatically ban robots that spam your website’s comment section with automated text?
– Do you want to make your comment form more secure by adding to it a simple ReCaptcha?
– Do you want to get rid of referral spam in your Google Analytics web stats?
– Do you want to ban known bad robots that abuse your website, making it’s speed sluggish?
– Do you want to put yourself in full control of the crawling of your website?
– No problem!

What You Can Do With This Plugin?

You can create a bad crawler trap that will block further access of ‘bad bots’ – those that do not respect the rules you defined in the robots.txt file
You can create a honeypot trap that will capture all bots that automatically leave comments on your website, spamming
You can automatically block all known ‘bad bots’ (based on their User Agent) from accessing your website. For a full list of these bots, consult the plugin’s documentation
You can automatically block all known ‘good bots’ (here are included the ones with real SEO value – GoogleBot, BingBot, Yandex, etc.
You can log website visitors bots and humans alike, and view website traffic reports in the plugin settings panel
You can except bot names that you do not want to ban in any circumstances
You can except bot IP Addresses that you do not want to ban in any circumstances
You can configure this plugin to send you an automated email every time a new bot gets banned
You can customize the message shown to the banned bots
You can configure user banning to always allow access even for banned users to login and admin page – to assure that you are not locked out from your own WordPress installation
You can configure this plugin to always allow access to the website for logged in users
Referral Spam Blocker – you can block a wide range of known referral spam sources – do not bother with spikes cause by referral spam in Google Analytics
You can add a layer of protection to your website by automatically blocking a wide range of known malicious bots using your .htaccess file
You can integrate Google’s fully customizable ReCaptcha technology in your comments, log-in, register and forgot password forms
You can edit your robots.txt file with ease. Do not worry, if something goes wrong, the ‘Restore Defaults’ button will be on your side!
You can edit your .htaccess file with ease. Do not worry, if something goes wrong, the ‘Restore Defaults’ button will be on your side!
You can add to all of your page types a robots meta tag, including: NOINDEX, NOFOLLOW, NOODP and NOYDIR. Page types include: posts, pages, home page, category, archive, search, taxonomy, not found, tag and media.
You can add manual rules in user banning. Add a custom IP Address or User Agent, and it will be banned until the rule is active.
You can add an obfuscated email address to your site content (it will be normally displayed to human visitors, but robots cannot read it and steal it) – by adding the [tartarus_add_secure_email email=”example@email.com”] shortcode. Wildcard support in manual rule adding.
Not enough features for you? This plugin is also fully mobile compatible, is translations ready, is optimized for speed – has no speed impact and benefits of lifetime updates and support.

Purchase $14.00

December 19, 2016
Safety Ninja PRO (Utilities)
Purchase $41.00

Years of industry’s best practices on security combined in one plugin! Click to test the plugin NOW
- perform 40+ security tests including brute-force attacks
- check your site for security vulnerabilities and holes
- checks for Timthumb vulnerability
- take preventive measures against attacks
- don’t let script kiddies hack your site
- use included code snippets for quick fixes
- extensive help and descriptions of tests included
- Core Scanner module – compares all core files to their master copies on wp.org
- Malware Scanner module – makes sure your theme and plugin files are clean
- Events Logger module – saves every single event that happens on the site, including all failed login attempts
- Scheduled Scanner module – runs tests on its own, so you don’t have to
Changelog
```
v5.0 - November 24th, 2016
* first release on CC
```
Purchase $41.00
December 19, 2016
[WP] Verifile – Observe New & Edited Recordsdata (Utilities)
Purchase $16.00

Verifile is the all in one security solution for database driven websites! It’s simple to use, and notifies you as soon as it detects either a new file, or a change in an existing one via email. Verifile implements an “install and forget” model, meaning it will run completely in the background without requiring any work from you!

Database driven websites (such as WordPress, Drupal etc. sites) rarely change their files, as all of your data is stored in a database. Hackers and cyber criminals on the other hand like to place little bits of extra code near your login functions in order to steal credentials, or even upload entirely new files to give them complete access to your server! As soon as this happens, Verifile will realise and email you with a warning – allowing you to easily see which files have been added or edited via the dashboard panel.

Simply put, this script will ensure your website is doing exactly what you want it to be doing, nothing more or less! In this day and age of rampant cyber crime, it doesn’t make sense not to use Verifile.

This is the WordPress plugin version

Demo details:
- Username: admin
- Password: admin
Features:
- Easy to install
- New / edited file detection
- Recursive file scanning
- Immediate email notifications
- Secure login system
- Automated background scanning
- No hassle & easy to use!
Version 1.11
- General Bug Fixes
Version 1.1
- Excludes
- Multiple Directories
- Settings Page
Coming Soon
- Shell Scanner
- Off-Site backup
Purchase $16.00
September 4, 2015
Malware Scanner add-on for Safety Ninja (Add-ons)
Purchase $6.00

Keep your plugin, theme and custom files in check!
- one click scan – quickly identify problematic files
- scan all (active and disabled) theme files
- scan all (active and disabled) plugin files
- scan all files uploaded to wp-content folder
- scan options DB table
- more than 20 tests performed on each file
- detects malicious code even if it’s obfuscated
- see exact parts of the file that malware scanner marked as suspicious
- whitelist files that you have inspected and know are safe
- optimised for large WP installations with numerous files
- complete integration with Security Ninja’s easy-to-use GUI
- compatible with all themes and plugins
Demo and details

Changelog
```
v1.0 - March 4th 2015
* initial release
```
Purchase $6.00
March 5, 2015
Safety Ninja Plugins Bundle (Utilities)
Purchase $34.00

Grab all the best security plugins available on CodeCanyon, completely protect your WordPress site and save $13.

Bundle includes:
1. Security Ninja – $11 value, find out more
2. Login Ninja – $17 value, find out more
3. Core Scanner add-on for SN – $6 value, find out more
4. Scheduled Scanner add-on for SN – $6 value, find out more
5. Events Logger add-on for SN – $7 value, find out more
Changelog
```
v1.0 - September 16th 2014
* initial release
```
Purchase $34.00
September 17, 2014
Occasions Logger add-on for Safety Ninja (Add-ons)
Purchase $7.00

Monitor everything that happens on your WordPress site!
- monitor, track and log more than 50 events on the site in great detail – view demo
- know what happened on the site at any time, in the admin and on the frontend
- prevent “I didn’t do it” conversations with clients – Events Logger doesn’t forget or lie
- easily filter trough events
- know exactly when and how an action happened, and who did it
- receive email alerts for selected groups of events
- events are logged for following modules:
  - Comments – add, edit, trash, spam, approve, …
  - File editor – which file was edited in a plugin/theme
  - Installer – updates for core, plugins and themes; activation for themes/plugins
  - Media – add, remove, edit, …
  - Menus – add, remove, edit, …
  - Posts – for all post types; add, remove, edit, status change, …
  - Security Ninja – basic scans, core scans, scheduled scans
  - Settings – any change for core and plugin/theme settings
  - Taxonomies – for all taxonomies; add, edit, remove, …
  - Users – login, logout, register, edit, remove, role change, …
  - Widgets – add, edit, remove, reorganize, …
- each logged event has the following details:
  - date and time
  - event description (ie: “Search widget was added to Primary sidebar.” or “Failed login attempt with username admin.”)
  - username and role of user who did the action
  - IP and user agent of the user
  - module
  - WordPress action/filter
- complete integration with Security Ninja’s easy-to-use GUI
- compatible with all themes and plugins
Demo and details

Changelog
```
v1.0 - August 7th 2014
* initial release
```
Purchase $7.00
August 9, 2014
SafeGuard Professional for WordPress – Offer protection to your Web site (Miscellaneous)
Purchase $32.00

Get in touch with us

Live Demo

Admin Area – User: demo – Password: demo
Frontend

Use the search function on the left side to test the SQL injection protection.

For example enter: Gewora'; DROP TABLE members; --
or use this direct link to do the same..

SafeGuard Pro for WordPress

SafeGuard Pro for WordPress protects your WordPress site from many tpes of threats, and allows you to review them in the admin area. You will get provided with very detailed logs.

You can redirect blocked threats to a custom page, for example to a access denied page. SafeGuard Pro for WordPress comes with 4 ready to use error pages.

Protection Features
- Blocks most of the proxys and VPNs
- Detects SQL Injections based on a complex pattern system to avoid “false positives”
- Detects XSS Attacks based on a complex pattern system to avoid “false positives”
- Detects known spammers
The installation is extremely easy. Simply import the .zip file at your WordPress admin panel, activate it, and you are ready to go. The settings (even the error pages) are aleady set up. You can change them of course if you want to.

Features
- Proxy Detector and Blocker
- VPN Detector and Blocker
- SQLi Protection (SQL Injection)
- Cross-Site Scripting Protection (XSS)
- Spammer Protection (Spam Database)
- DDos (Mass requests)
- Fully featured Admin panel
- Enable logging for the desired threats
- Redirect blocked threats to a custom page
- Block the IP threat’s ip address
- Sortable Logs
- Many details for the blocked threat
- Enable/Disable the desired protection
- Enable/Disable the desired logs
- Enable/Disable the desired auto-bans
- Ban IPs
- Ban Countries
- Extremely easy to install
- Easy to understand documentation
- Nice and clean UI
Purchase $32.00
July 28, 2014
Confodio Safety Audit (Miscellaneous)

Purchase $14.00

Confodio Security Audit is a WordPress plugin that performs a security audit and solves security issues.

CSA is tests system against certain list of vulnerabilities and the results are displayed to the user. User has the ability to view every single test that affects the score, and possibility to fix the vulnerability. Advanced settings are provided for people with more knowledge in the field as well.

Confodio Security Audit is developed as part of BSc Web Development thesis at University. The research is ongoing and will continue, more functionality will be added and User Experience is improved with each version.

Purchase $14.00

February 2, 2014
Sensible Safety Instruments (Utilities)
Purchase $18.00

Plugin Information

Smart Security Tools is a powerful plugin for improving security of your WordPress powered website. Plugin contains collection of tweaks and tools for extra security protection along with Security Advisor that can help you determine what needs to be done. Plugin includes integration of Sucuri Free Security Scanner (shows malware on the website and blacklisting status on major security related websites). Plugin includes database based Security Log that can log different event types you can use to detemerime problems, potential attacks and exploits, IP’s used for access, referers, user agents… You can ban IP’s from Security Log.

Security Advisor will help you get started

Plugin offers tips on what you need to improve on your website. Based on the status of tips on this panel, plugin will calculate security percentage. It is important to follow all recommended tips and as much as you need optional tips.

Collection of easy to use security tweaks

General tweaks are easy to set up, and you can solve many security issues directly with these. Some of these tweaks, if active will also log security events into database.

List of general tweaks
- Prevent SQL injections
- Prevent too long URL’s
- Simple registration honeypot
- Remove errors from login screen
- Restrict username length
- Remove username from comments CSS classes
- Remove WordPress version
- Remove RSD link
- Remove WLW manifest link
- Disable XML-RPC
Collection of powerful .htaccess enhancements

Most important security features are implemented using .htaccess file in the WordPress root directory. This is available only for Apache (and LiteSpeed) based web servers.

List of .htaccess tweaks
- Prevent WordPress installation directory browsing
- Disable the Server Signature on server error pages
- Deny all comments requests with no valid referer
- Prevent access to WordPress root system files
- Ban access to IP’s banned in Security Log
- Ban access to additional listed IP’s
- Limit body size of a single request and file upload size
- Prevent access to XML-RPC due to Pingback Vulnerability
- Disable Trace and Track request methods
- Blacklist Query Strings using listed rules
- Blacklist Request Strings using listed rules
- Blacklist User Agents using listed rules
Security Logs to track security related events

Security Log adds two database tables to log all sorts of security related events. For each event you will get information about user (or visitor), IP, user agent, referer and other information depending on event that can help you track sources of new security probes or attacks. You can ban IP addresses through the security log panel.

List of events types logged by plugin
- Login
- Logout
- Login Error
- Error 404
- Registration
- Registration Honeypot
- SQL Injection URL
- Too Long URL
Other Plugin Features Included
- Change ‘admin’ username if exists
- Change any username
- Export and Import settings
- Support for Multisite WordPress mode
System and WordPress Requirements
- WordPress 3.2 or newer
- PHP 5.2.4 or newer
- Apache Web Server (for .htaccess based tweaks and tools)
- Access to .htaccess file (if not, you need to manually add changes to it)
Disclaimers
- For .htaccess based tweaks and tools plugin supports only Apache (and LiteSpeed) web servers. If you use some other web server, you can only use other plugin features.
- Make sure you read plugin documentation and all the information provided by the plugin for each tweak and tool.
- If you make changes to blacklist .htaccess tweaks, or list of IP’s to ban, be careful with those changes, or you can even lock yourself out of the website.
- You are using Smart Security Tools for WordPress at your own risk.
Changelog

Version 1.0 / 2013.11.22.
- First version
Purchase $18.00
December 6, 2013
5sec Google Authenticator 2-Step Login Safety (Utilities)
Purchase $15.00

Add bank-grade security powered by Google to your site

Each login requires a new, unique, time restrained OTP (one time password) your phone generates. Even if someone knows your password they won’t be able to login. If someone tricks you into clicking “remember password” on an unsafe computer – it won’t matter! If someone steals an old OTP – even that won’t matter because they’re valid for only 2 minutes!

Forgot to log out? No worries!

The auto log out feature protects your account by automatically logging you out after a preset amount of time. You won’t leave the page as the log in form will be opened in a lightbox. After you enter a new OTP you’ll still be on that page and continue doing work.

Brute-force attacks got you pinned down? We have your back!

Built-in IP based brute-force protection ensures ease of mind even in the worst scenarios when you’re attacked by thousands of bots. Fine tuning of the ban rules allows you to ban them from logging in or even from accessing the whole site. Don’t worry, you can easily whitelist your own IP so you don’t lock yourself out.

Features
- two step login process adds extra protection to your site
- no extra SMS charges or anything simmilar
- nobody can hack you even if they know your password
- nobody can login to your account without your phone and a freshly generated OTP
- per-user option for enabling/disabling two step authentication
- protect your site from users who love to click “remember my password”
- auto log-out feature to ensure nobody uses the admin after you do
- complete brute-force attack protection with 5 options to fine tune ban rules
- IP whitelist option for brute-force protection
- mobile apps available for iPhone, iPad, Android & BlackBerry
- if your phone dies or gets lost there’s a secret URL (uniquely generated for each site) you can use to login with only username & password
- QR codes are automatically sent to new users; or you can always email them later via the users screen (as many users as needed can be emailed at once)
- translation ready
- famous 5sec concept for easy setup & usage
- easy-to-use native WordPress GUI
- professional & fast support
- detailed documentation and in-line help on every step
- more details, info & help
Changelog
```
v1.15 - October 13th 2013
* added per-user option to enable/disable two step authentication
* fixed a few bugs

v1.1 - October 9th 2013
* added whitelist IP option to brute-force module
* added mass email option on users screen so that QR codes can be sent to existing users
* fixed a few bugs

v1.0 - October 5th 2013
* initial release
```
Purchase $15.00
December 6, 2013