Thinking about securing my client area & wp logins with Proxy

Ympker Member
edited February 2019 in General

So I've given this some thought and I am currently considering tightening security for my client area by giving my clients access to a free self-hosted Squid Proxy in combination with something like SquidGuard. This Proxy wouldn't allow access to any websites but my client area (for security reasons and so ppl don't watch pron). Then I'd make the client area only accessible for people connected through my proxy, blocking basically all abuse/brute force from outside. I am also considering offering my clients the option to whitelist their websites (wp only basically) on my Proxy so they can restrict wp-admin login to the IP of my Proxy. I should maybe add that I cater to a small number of clients so it wouldn't be much of a problem to implement this. I can see this approach being a bit problematic when catering to the masses (lots of people).

Has anyone here attempted that before? Was it worth the effort?

Comments

  • Well, for my wordpress wp-admin, I only allow it to be accessed from specific IPs. So I need to use squid or vpn or something that shows the IP. I set it on the nginx config block so no need for any plugins.

    But my squid can access any websites, so you have a good idea.

  • @ErawanArifNugroho said:
    Well, for my wordpress wp-admin, I only allow it to be accessed from specific IPs. So I need to use squid or vpn or something that shows the IP. I set it on the nginx config block so no need for any plugins.

    But my squid can access any websites, so you have a good idea.

    Thanks for the feedback :) Yeah, the idea is to restrict access to my client area and/or client's wp-login to the IP of my proxy.

  • Why not just set up a private network interface for each client and unmap /wp-admin/ so it's only through the private network? ProxyPass to internal/private interface from public.

    ProxyPass /wp-admin/ !

    Blam.
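As an added example (not config posted by anyone in this thread), this is how the source-IP restriction @ErawanArifNugroho describes and @Letzien's "admin only via the private interface" idea look in a single nginx server block; the proxy address 203.0.113.10, the private range 10.0.0.0/24, the hostname, docroot and PHP-FPM socket are constructed placeholders.

```nginx
# Added example, not from the thread. Public vhost for one WordPress site.
# Only the trusted Squid proxy (placeholder 203.0.113.10), a private
# interface range (placeholder 10.0.0.0/24) and localhost (an SSH tunnel
# terminating on the box, as Tion describes) may reach the admin endpoints.
server {
    listen 80;
    server_name example.com;          # placeholder hostname
    root /var/www/example.com;        # placeholder docroot
    index index.php;

    # Themes and plugins call admin-ajax.php for logged-out visitors too,
    # so it must stay reachable from everywhere. An exact-match location
    # beats the regex below regardless of order, so this is not caught
    # by the allow-list.
    location = /wp-admin/admin-ajax.php {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;  # placeholder socket
    }

    # Login page and dashboard: allow-list first, then deny the rest.
    # nginx evaluates allow/deny in order, so "deny all" must be last.
    location ~ ^/(wp-login\.php|wp-admin/) {
        allow 203.0.113.10;   # the Squid proxy the OP proposes
        allow 10.0.0.0/24;    # private network interface (Letzien's idea)
        allow 127.0.0.1;      # SSH tunnel on the same host (Tion's idea)
        deny  all;            # everyone else receives 403

        # Nested location inherits the allow/deny rules above.
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass unix:/run/php/php-fpm.sock;
        }
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

allow/deny act on the TCP peer address, so if the site itself sits behind a CDN or another reverse proxy, every visitor would appear to come from that proxy's IP and the real_ip module has to be configured before this restriction means anything.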

  • @Letzien said:
    Why not just set up a private network interface for each client and unmap /wp-admin/ so it's only through the private network? ProxyPass to internal/private interface from public.

    ProxyPass /wp-admin/ !

    Blam.

    Will look into that too. Thanks for pointing out :)

  • I think it is uncomfortable for customers. I usually have many tabs in my browsers to access various sites, not only someone's client area.

  • Stupid question, but what happens when the proxy takes a dumper?

    Your Admin would be inaccessible to anyone trying to get in, even contributors. You would need a backdoor to be able to fix it. Sounds like a lot of work for such a little gain, but that is just my opinion.

  • Ympker Member
    edited February 2019

    @AuroraZ said:
    Stupid question, but what happens when the proxy takes a dumper?

    Your Admin would be inaccessible to anyone trying to get in, even contributors. You would need a backdoor to be able to fix it. Sounds like a lot of work for such a little gain, but that is just my opinion.

    Thanks for mentioning this.
    For this reason I was planning to host at least two proxies on small VPS so there is always a fallback possibility :)

    But yeah. The more this is discussed, the more pain it seems to be to set up. For my own websites that's one thing, but for my clients' websites too, it could prove to be quite the hassle, although there is probably a database entry in wp with whitelisted IPs that could be edited to include other IPs or be disabled entirely in case of emergency.

    Anyway, you are not wrong there at all. That's why I wanted to discuss this.

    @laoban said:
    I think it is uncomfortable for customers. I usually have many tabs in my browsers to access various sites, not only someone's client area.

    That's a fair point to make. I already thought it would be, but the more it is being mentioned and the more I give it some further thought, it may just be too much of a hassle.

  • For a personal project of mine I restricted access to the backend from localhost, so only through the SSH Tunnel I've set up. The idea was that even in the rare chance of my server's IP changing it will still work.

  • Whatever happened to good old-fashioned captcha...

  • It's unnecessary. For Wordpress you just need semi secure passwords, install updates automatically, and no abandoned plugins.

    Some customers may want paranoid security settings (which can make sense if a hack would destroy their business), but you can deal with them individually and charge extra.

  • @default said:
    Whatever happened to good old-fashioned captcha...

    Nobody likes them and they are ineffective. Someone recently created a proof of concept beating Google's Recaptcha by using Microsoft/IBM Voice Recognition API.
    It's using AI to solve AI at this point.

  • @Tion said:
    For a personal project of mine I restricted access to the backend from localhost, so only through the SSH Tunnel I've set up. The idea was that even in the rare chance of my server's IP changing it will still work.

    For a personal project not a bad approach at all :)

  • @Tion said:

    @default said:
    Whatever happened to good old-fashioned captcha...

    Nobody likes them and they are ineffective. Someone recently created a proof of concept beating Google's Recaptcha by using Microsoft/IBM Voice Recognition API.
    It's using AI to solve AI at this point.

    AI solves AI, but it will never solve humans. It will never beat us! It will never defeat LET community!
