Plugin / 6Scan Security

6Scan

Frequently Asked Questions (FAQ)

Yes, 6Scan Security has been tested with many other security, antivirus, firewall and backup plugins and does not conflict with them. If you suspect any compatibility problem, please contact us via our support area or email [email protected].
We work with all standard hosting packages that support WordPress. We have specifically tested 6Scan Security with many popular hosting companies, including GoDaddy, Hostgator, Dreamhost, Site5, 1&1 and others. Of course, more advanced configurations such as VPS/VDS are also supported, as long as your file permissions are configured correctly (see the Installation section for more details).
6Scan requires write permissions to your web root directory and .htaccess file in order to install the automatic fix signatures. For more information on how to enable write access, please see https://codex.wordpress.org/Changing_File_Permissions .
6Scan Security currently works with any server that has .htaccess and mod_rewrite support, such as Apache and IIS. This is required, so that 6Scan could intercept and analyze requests before they reach server and potentially vulnerable scripts. Support for Nginx is planned in the future.
We pay specific attention to our plugin’s performance because it should work seamlessly, even under heavy load. Because our initial flagging rules are optimized to be lightning fast, and only suspicious requests undergo additional checks, your site’s legigimate users will not be affected.
TimThumb is an RFI vulnerability, which is based on including a malicious PHP script as a path to your TimbThumb gallery. It is easily filtered out by 6Scan Security’s Web Application Firewall. One of the advantages of the application firewall rules is that they are complete generic, and will block out TimThumb wherever it is on your site, as well as automatically blocking similar vulnerabilities in the future.
WAF is an acronym for Web Application Firewall. It is a set of rules which are designed to flag suspicious requests and then act accordingly (for example, by blocking the request before it reaches its target). Our firewall is written to match a set of widespread attacks patterns, while minimizing its impact on user experience.
On average, your site will be scanned once every few hours, making sure your site is scanned several times every day for the latest security issues. However, when a new vulnerability is discovered and published, 6Scan Security will scan affected sites with a higher priority to make sure the vulnerability is fixed right away.
We monitor all the large exploit databases 24/7, which allows us to respond immediately to any publicly published exploit. Our security research team also analyzes WordPress and plugin code to find vulnerabilities and malware even before they are known to the general public. Finally, we use honeypots – special traps designed to lure hackers in – to gather information about new techniques hackers try, and those techniques are immediately found and fixed on your site before any damage can happen. When you have 6Scan installed, you do not need to worry about a newly found exploit for WordPress or any of your installed plugins – we follow security newsfeeds for you and release a fix before hackers find out about and exploit new vulnerabilities.
First, because other plugins do not protect against all the security vulnerabilities we can. Most other plugins are based on a ruleset which recognizes and blocks certain attack signatures. This approach is effective for protecting against some common SQL injection attacks, but fails to detect or prevent hackers from exploiting flawed logic. For example, it could not protect against an authorization bug in a file upload plugin, potentially allowing unauthorized users to upload malware and viruses to your site. 6Scan’s security response team constantly updates your blog’s protection to deal with the latest threats found on all major exploit databases on the Internet. Second, because 6Scan Security is easy-to-use, so that anyone – even without a technical background – can understand and use our plugin to fix security problems. Our plugin is easy to activate, very user-friendly but still extremely efficient.
A zero-day vulnerability is a security flaw which has been found by hackers, but has not yet been patched by the vendor of the affected component, making it an easy target for hackers. In fact, most hackers operate by taking the latest zero-day vulnerabilities and scanning the entire web for sites which have them! A general firewall or antivirus product will not protect you against many zero-day attacks since new attacks might not match any currently known pattern. Once the vendor has released an update, the vulnerability is no longer classified as ‘zero-day’, but websites must still update the affected component before they are secure. 6Scan Security protects you against zero-day vulnerabilities immediately after they are found and without forcing you to update any components.
Hackers are constantly on the prowl for sites they can exploit. Security vulnerabilities are the hacker’s method of gaining unauthorized access to sites. Once they do, they can steal data, deface pages, install spyware or botnets, and perform other malicious actions against the website and its users. Only by making sure your site does not have any vulnerabilities can you secure yourself against these hackers.
Password strength: 6Scan Security protects your website against hackers, but nobody can protect against a hacker who can guess your password. Always use a complex password that contains letters of different cases, numbers and punctuation. Never use a dictionary word, names of loved ones, or birthdays as passwords, as hackers can easily find them out. Spyware: if your computer is infected with spyware or other malware, it may steal your passwords from you without you even knowing! Always make sure to have current versions of anti-spyware, antivirus and antimalware products active on your computer. Never log in to your site from a public computer, such as a computer in a public library, as these are frequently compromised with malware designed especially to steal passwords as they are entered. Access through HTTPS on public networks: If your website’s login form does not use HTTPS, your login details can easily be intercepted as they pass through public networks, such as WiFi in a coffee shop or a public library network. If you must log in from a public network, be sure your login form uses HTTPS encryption.
6Scan Security protects you from hackers attempting to compromise your site, but it cannot undo the damage a hacker has already caused – it is not an antivirus, but a preemptive protection solution. Any damage must be manually cleaned before 6Scan can effectively secure your site. Our backup feature helps you by ensuring that even if your site is compromised, you will always be able to roll back to a clean and secure version with a minimum of hassle – no antivirus or antimalware required.
Good news! This means that there are no immediate security problems with your site. However, you should still keep 6Scan Security installed so it can continue to monitor your site. It is quite possible that one of your site’s components has a security vulnerability which hasn’t yet been discovered. Once it is discovered (either by our security research team or by another party), 6Scan Security will notify you and allow you to patch it before hackers use it to compromise your site.
Antivirus and antimalware products are designed to let you know when your site is infected by a virus or malware, and help you remove it. However, the existence of a virus or malware on your site means it has already been compromised by hackers! 6Scan Security prevents hackers from getting into your site in the first place, meaning you will never have malware installed. However, 6Scan does include a malware scanner that will let you know if there is any pre-existing malicious code on your site.
You can be notified in three different ways: An email message. A text (SMS) message. A notification on your WordPress dashbord. To set your notification preferences, simply open your 6Scan Security dashboard, click the Settings tab, and check or uncheck the boxes under Notifications.
Easy! Open your 6Scan Security dashboard, click the Settings tab, and uncheck the email box under Notifications. You will no longer receive new vulnerability notifications by email.
In addition to our security features, we have also added automatic scheduled backups for your WordPress site. The backup feature makes sure that even in case of an accidental deletion, server problem, or even lost password, you will be able to restore a working and secure version of your site. Our automatic backup runs automatically on a schedule, backing up both your database and your site’s files to our secure cloud datacenter. A number of previous backups can be stored, ensuring you can go back to a number of points in time. You can download the backups from your 6Scan dashboard; backups are secured, and their download is protected by a key, so only you can download them.
We are always open to feature requests, especially for security-related features. Please contact us with a detailed description of your request at our support area, and we will consider including it in our plugin.
We are a team of ex-military security experts who have implemented traditional expensive and complicated website security solutions. We couldn’t find a way to effectively secure small and medium websites with lower budgets and no technical expertise – which is why we decided to create a WordPress plugin that’s both comprehensive and easy-to-use.

Ratings

3.3
28 reviews

Rating breakdown

Details Information

Version

3.0.6

First Released

04 Dec, 2011

Total Downloads

82,750

Wordpress Version

3.0.0 or higher

Tested up to:

4.0.28

Require PHP Version:

-

Tags

Contributors

Languages

The plugin hasn't been transalated in any language other than English.

DIRECTORY DISCLAIMER

The information provided in this THEME/PLUGIN DIRECTORY is made available for information purposes only, and intended to serve as a resource to enable visitors to select a relevant theme or plugin. wpSocket gives no warranty of any kind, express or implied with regard to the information, including without limitation any warranty that the particular theme or plugin that you select is qualified on your situation.

The information in the individual theme or plugin displayed in the Directory is provided by the owners and contributors themselves. wpSocket gives no warranty as to the accuracy of the information and will not be liable to you for any loss or damage suffered by you as a consequence of your reliance on the information.

Links to respective sites are offered to assist in accessing additional information. The links may be outdated or broken. Connect to outside sites at your own risk. The Theme/Plugin Directory does not endorse the content or accuracy of any listing or external website.

While information is made available, no guarantee is given that the details provided are correct, complete or up-to-date.

wpSocket is not related to the theme or plugin, and also not responsible and expressly disclaims all liability for, damages of any kind, arising out of the use, reference to, or reliance on, any information or business listed throughout our site.

Keep Leading Your Followers!
Share it for them.