Skip to content

Commit

Permalink
Update README to reflect recent changes
Browse files Browse the repository at this point in the history
  • Loading branch information
@chesio
chesio committed Mar 5, 2024
1 parent 466953e commit 6215aa9
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,10 +144,11 @@ Passwords are validated on user creation, password change or password reset. If

Remote IP addresses that are scanning your website for weaknesses can be automatically [blocked](#internal-blocklist) for configured amount of time. Such scanners can be usually quite easily detected because while scanning a website they trigger a lot of 404 errors and URLs they try to access differ from "valid" 404 errors: usually they try to find a known vulnerable plugin, forgotten backup file or PHP script used for administrative purposes.

There are three built-in rules available (they are not active by default):
There are four built-in rules available (they are not active by default):
1. ban when non-existent PHP file is requested (any URL ending with `.php`)
2. ban when non-existent backup file is requested (any URL targeting file with `backup` in basename or with `.back`, `.old` or `.tmp` extension)
3. ban when non-existent `readme.txt` file is accessed
2. ban when non-existent archive file is requested (any URL ending with `.tgz` or `.zip`)
3. ban when non-existent backup file is requested (any URL targeting file with `backup` in basename or with `.back`, `.old` or `.tmp` extension)
4. ban when non-existent `readme.txt` file is accessed

You may define custom rules as well (in form of regular expression).

Expand Down Expand Up @@ -198,7 +199,10 @@ You can mute all email notifications by setting constant `BC_SECURITY_MUTE_NOTIF
Following events triggered by BC Security are logged:

1. Short and long lockout events (see [Login Security](#login-security) feature)
2. Requests blocked by [external](#external-blocklist) or [internal](#internal-blocklist) blocklist
2. Requests blocked by [external](#external-blocklist) or [internal](#internal-blocklist) blocklist _(* see note below)_
3. Requests that match any of configured [bad request rules](#bad-requests-banner)

_(*) Note: in case internal blocklist is synchronized with `.htaccess` file, HTTP requests are blocked by webserver before being handled to WordPress, therefore they cannot be logged by the plugin._

Following events triggered by WordPress core are logged:

Expand Down

0 comments on commit 6215aa9

Please sign in to comment.