=== tinyShield - Simple. Focused. Security. === Contributors: adamsewell Donate link: https://tinyshield.me Tags: security, blacklist, brute force, bruteforce, firewall Requires at least: 4.8 Tested up to: 5.1.1 Stable tag: 0.2.2 Requires PHP: 5.6.0 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html tinyShield is a real time blacklist security plugin for WordPress. It aims to be an extra layer of security for your site. == Description == tinyShield works in three parts, a whitelist, a blacklist, and a permanent whitelist. Both the whitelist and blacklist are rotating, as a visitor hits your website their IP address is compared to our ever evolving blacklist to see if they are known to be producing malicious traffic. If the visitor is determined to be a known malicious IP address, we add that to your blacklist. If not, we add it to your whitelist. An IP address on either of these two list will be rotated off in 24 hours, to be re-checked upon their next attempt to connect to the site. The permanent whitelist is up to you to populate. These are IP addresses that you know to be good. Upon activation, we automatically add the IP address that you activate the plugin from to ensure you're not locked out of the site. This list is never automatically purged but you can remove entries yourself. == Installation == This section describes how to install the plugin and get it working. 1. Upload the plugin files to the `/wp-content/plugins/tinyShield` directory, or install the plugin through the WordPress plugins screen directly. 1. Activate the plugin through the 'Plugins' screen in WordPress 1. Use the Settings->tinyShield screen to register and activate the plugin == Frequently Asked Questions == = How do I gain access to the service? = tinyShield is made up of two components - the WordPress plugin and our servers. The plugin will not function correctly without registering with tinyShield. Registration can be done directly from the Settings tab of tinyShield. There is no cost for the community version of our real time blacklist. You have the option to upgrade to our professional list and gain access to a more comprehensive blacklist. = What is crowd sourced security? = tinyShield reports some data from your site in order to improve our community and premium feeds. For each site that uses tinyShield, even using the community feed, will contribute back to help the other users of tinyShield. = How much does it cost? = Currently, there is no charge for the community version of this service. The premium feed, billed annually at $2.50 USD per month, will help support the project and also automatically give you access to a more comprehensive feed. = What performance impact will this have on my site? = In our testing, we have noticed no performance issues while using the plugin. If for some reason our servers are unreachable, the plugin will fail open. This means that if our servers are down for any reason, your site will continue to work and utilize the local cached lists. = Privacy = While tinyShield collects information from your site, we only collect the offending IP address, failed user login attempts, and the site the attempt was made on (as you can see from examination of the code). These items are only logged to determine patterns. No information we collect will EVER be sold or given to third parties. This section will always be up-to-date with all information that is reported back to tinyShield. Also, we encourage you to review our source code for accurate information. = Is tinyShield compatible with other security plugins? = While tinyShield does not cause any known conflicts with other WordPress security plugins, and can work well alongside them as an extra layer of protection. It takes a very targeted approach to just real time blacklists. There are however, some plugins that are known to cause tinyShield to not operate normally. They are listed below. 1. wp-spamshield = Banner Image Credit = Image credits to: https://unsplash.com/@matthewhenry == Changelog == = 0.2.2 = * [+] added the ability to submit multiple ip addresses at one time to the perm whitelist * [*] fixed an issue when removing and adding entries to the perm whitelist would cause an entry to be deleted * [*] addressed a couple of notices and errors on activation [thanks vasyl martyniuk] = 0.2.1 = * [*] fixed an issue with options saving when updating plugin = 0.2.0 = * [+] added the feature to block top attacking countries * [*] fixed a time expiration bug on the whitelist * [*] fixed a time sorting issue = 0.1.9 = * [*] fixed a expiration bug where whitelist entries would be checked every 24 hours, it should be every hour * [*] adjusted the author/website information = 0.1.8 = * [+] added the ability to clear locally cached lists in case of issues * [+] added the ability to report a false positive from the activity log * [+] added location information to whitelist * [+] added the ability to register a site directly from the plugin * [*] reworked the settings page to be more streamlined * [*] fixed a potential fatal error if a wp_error is thrown on checking against endpoint * [*] fixed some issues with timestamps not being correct on last access and expirations = 0.1.7 = * [+] added the ability to store the last time an IP address attempted to connect to the site * [+] changed the "Allowed" and "Blocked" text to emojis to make things a little more visually pleasing * [+] server side: moved crawler detection right after whitelist check to avoid crawlers being blacklisted * [+] server side: added the addition of a new ip source list and also removed one that provided a lot of false positives = 0.1.6 = * [*] adjusted the whitelist expiration from 24 hours to 1 hour. If an attacker is blacklisted it will be caught much more quickly now. * [*] fixed a few small bugs * [+] added the ability to turn off reporting of failed logins * [+] server side: added some additional sources for comment spam and web crawlers = 0.1.5 = * [*] fixed a display bug on the perm whitelist tab * [*] fixed a date expiring bug when activating tinyshield for the first time = 0.1.4 = * [+] added the use of list tables for better visualization of the data * [+] added the use of geoip data to show where blacklisted ip addresses are from * [*] adjusted the data that is sent from the tinyshield servers to allow for expansion in the future * [+] added the ability to manipulate the lists from the list tables (ie, move from one to another) * [+] server side: added whitelists to prevent msnbots, googlebots, etc from being blacklisted by false positives * plus more = 0.1.3 = * clarified site activation errors to not be so generic = 0.1.2 = * initial point release