Plugin / AskApache Password Protect

Description

This is totally and completely unlike any other security plugin for WordPress. They operate at the application-level by controlling or using PHP to stop attacks, this plugin works at the network-level BEFORE PHP, which is why this plugin is so darn effective. This plugin is specifically designed to stop automated attackers attempts to exploit vulnerabilities on your blog that result in a hacked site.

The power of this plugin is that it creates a virtual wall — using builtin Apache Server security — around your blog allowing it to stop attacks before they even reach your blog to deliver a malicious payload. In addition this plugin also has the capability to block spam and other malicious requests with a resounding slap, saving CPU, Memory, and Database resources. Choose a username and password to protect your entire /wp-admin/ folder and login page (or use my online htpasswd generator. Forbid common exploits and attack patterns with Mod_Security, Mod_Rewrite, Mod_Alias and Apache’s tried-and-true Core Security features. Also uses the Perishable Press 5G Blacklist 2013.

This plugin requires the worlds #1 web server, Apache, and web host support for .htaccess files.

You can set up Password Protection for your blog using HTTP Basic Authentication, or you can choose to use the more secure HTTP Digest Authentication.

Read the .htaccess Guide for more information. Check out the 5G Blacklist 2013.

Has a user-contributed attack signature system modeled after the Snort Intrusion Detection and Prevention system, Nessus Vulnerability Scanner, and the Web Application Firewall ModSecurity.

1. http://www.modsecurity.org/
2. http://snort.org/
3. http://www.nessus.org/nessus/
4. http://httpd.apache.org/
   Of course no plugin would ever be able to stop real hacker intent on taking over your blog, if you are connected to the net on a public line, of course you can’t stop them. The people who are attacking the blogosphere are for the most part just playing. They “hack” code that “exploits” a “vulnerabiliity” in some open-source software like phpBB or WordPress. Those people actually help the community of open source software like WordPress by finding security issues and bringing them to light.. So who is this plugin built to stop? It’s built to stop the people who are trying all the time to maliciously crack into YOUR average blog. Why would someone want to hack an AVERAGE blog like mine or yours? Well the answer is that its not an actual group, entity, or person who is going to try hacking into your blog. Its an army of robots.. and they will never stop the attack.

So how do these robots attack us? What is their ammo? Their ammo is very specific knowledge of exploiting security holes in very specific software to “crack” your blog. Vulnerabilities are discovered all the time, mostly small ones, but those vulnerabiilties that are dangerous to those of us running WordPress 2.5 are LETHAL to those of us running 2.1.. just absolutely deadly. So These robots are programmed to do one thing and one thing only, try the exact same exploit that would work against 2.3 against every computer on the internet, as fast as they can and as anonymously as they can.. terrorizing the networks with these non-stop requests and slowing down the whole internet, which hopefully will start getting faster as more people use this plugin. Robots have no choice but to leave my servers alone. They understand what a 403 Forbidden means, to them it means take me off your list, the exploit I’m carrying is not compatible. But once again, this will not stop a hacker, this will stop 99.9% of the same bots that “hacked” 99.9% of the blogs.

https://www.askapache.com/htaccess/mod_security-htaccess-tricks/