WP AutoShield®: One-Click WordPress Security from cPFence: Page 3 - Enhance Control Panel

WP AutoShield®: One-Click WordPress Security from cPFence

GoSuccess

cPFence Thank you for your detailed answer. 🙂

Our software is fully GDPR-compliant. IPs are stored only in the client’s database and are not sent to any third party.

That's not quite right about the IP addresses. Just because the IPs are not shared with third parties, they are still processed and this processing is GDPR relevant.

Since it is not necessary to store the IPs, the IPs may not be stored without the visitor's consent. Of course, one could argue that the storage of IPs is security-relevant and can therefore take place without the visitor's consent. However, even then, storage is not permitted for an unlimited period of time, but may only be as short as possible. In this case, for example, 5 minutes. After that, the IPs would have to be deleted from the database in any case.

Regardless of this, the use must always be mentioned in the privacy policy, even if the IPs are stored anonymously. And this again makes it difficult to activate the plugin by default for all customers.

I just wanted to point this out. Perhaps it would be important to simply document somewhere exactly how the plugin works and when which data is processed, so that everyone can make an informed decision for themselves.

cPFence

GoSuccess

You are absolutely correct that processing IPs is GDPR-relevant, as they are considered personal data under the regulation. However, GDPR does allow the storage and processing of IPs for security purposes under the legitimate interest basis (Article 6(1)(f)), as long as this processing is necessary and proportional. You can find more details here: https://gdpr.eu/article-6-how-to-process-personal-data-legally/.

Storing IPs is critical for identifying and mitigating security threats, and this applies to nearly all security software, including plugins like Ninja Firewall and cPFence. Of course, it's essential for both the company's and the client website's privacy policy to mention the processing of IPs. This requirement is not specific to cPFence but applies to any security tool or plugin handling personal data.

I understand your concerns, and I've reached out to the legal team of one of my clients, who frequently deals with GDPR compliance, to review this matter further. I'll share any updates or insights they provide. Acting early to address GDPR considerations is always a good practice to avoid surprises later. Thank you once again.

bluelinq-computers

leonardo @btraill Apologies for the delayed reply, but the issue with RankMath has to do with encryption. https://rankmath.com/kb/fix-automatic-update-unavailable-for-this-plugin/#unable-to-encrypt

cPFence

Update:

We’ve received feedback from our client’s legal team regarding GDPR compliance. Based on their advice, we’ve implemented a few minor changes to enhance compliance and follow best practices.

Here’s the latest cPFence update:

Version 3.3.14

Added:

Introduced the ability to bulk remove the cPFence MU plugin from all WordPress sites server-wide. Use the command:
cpfence --bulk-remove-mu-plugin.

Improved:

Idle Logout Feature: jQuery is now enqueued only when the idle logout functionality is enabled, optimizing resource usage.
Login Limit Feature: IP addresses are now hashed before being stored in the database, ensuring full anonymization and enhanced GDPR compliance.
Automatic Cleanup: WP AutoShield now clears all expired transients storing hashed IPs daily, further ensuring GDPR compliance.

To ensure full transparency and compliance with GDPR, as advised by the legal team, we recommend including the guidance outlined in the following link within the privacy policy of your hosting company website or any client’s website concerned about GDPR compliance:

Is cPFence GDPR-Compliant?

Thanks, @GoSuccess, for your valuable feedback!

Zoinkies

cPFence any chance you guys can make a module for auot including a mu plugin estate wide?

cPFence

Introducing Owl AutoMySQL®: One-Click MySQL Resource Limits from cPFence

Owl AutoMySQL automates the monitoring and management of abusive MySQL users, solving a major pain point for shared hosting servers with high user volumes. It ensures optimal server performance by preventing resource abuse, all without manual intervention.

One-Click Activation:
Activate with a single command: cpfence --owl-automysql-on
Owl AutoMySQL will begin 24/7 smart monitoring and management instantly.

Customizable Exclusions:
Exclude specific websites or priority clients by adding them to your configuration file: /opt/cpfence/config.conf.

cPFence

Zoinkies

Bulk plugin installation, uninstallation, and blacklisting are coming soon. We might consider adding MU plugin support in the future.

Zoinkies

cPFence kickass thank you, hopefully you’ll soon be able to put a Ui in Enhance for all of this.

cPFence

Zoinkies

We’re just waiting for the Enhance framework to make this happen. In the meantime, we’re focused on adding more one-click, set-it-and-forget-it features.

franco

cPFence I think waiting for Enhance is not a good idea.

They are swamped with things to launch and I believe this is at the end of the queue.

Besides, they are very late.

Sulli86

Has anyone had issues with users now being unable to log into their website after doing the math equation? I have had multiple clients report issues of signing in/

cPFence

Sulli86

Yes, we’ve had a few clients report this, and it turns out they’re either entering the password or math equation incorrectly. One case involved a custom math captcha modification conflicting with the cPFence one.

I’d recommend trying to log in yourself to confirm the issue. If you still encounter problems, feel free to drop us a ticket, and we’ll get it sorted.

For less tech-savvy clients, it might be easier to add them to the exclusion list to avoid the headache altogether.

Sulli86

cPFence It actually appears to be if third-party MFA is enabled for instance wordfence or two-factor

cPFence

Sulli86

It’s been tested to work well with Wordfence MFA. If you’ve found another plugin that conflicts with it, please drop us a ticket and let us know so we can look into it.

Sulli86

cPFence Ill do further testing and raise a ticket

cPFence

Sulli86

After testing multiple MFA plugins, I was able to replicate the issue with one plugin (miniOrange 2-factor). Please submit a ticket with the name of the problematic plugin, and we will assist you in resolving the issue. The next version will offer enhanced compatibility with these MFA plugins.

cPFence

Version 3.3.17 (8th January 2025)

Added

LiteSpeed Features:
- Who said you need paid LiteSpeed Enterprise to enjoy bulk features? With cPFence, you can now achieve the same functionality on OpenLiteSpeed (OLS) with just one click!
- cpfence --bulk-install-ls-plugin: Install the LiteSpeed plugin on all WordPress sites server-wide.
- cpfence --bulk-configure-ls-plugin: Configure the LiteSpeed plugin with Advanced presets and Redis enabled server-wide.
- cpfence --bulk-clear-litespeed-cache: Clear the LiteSpeed cache on all WordPress sites server-wide.
WordPress Bulk Management:
- Gone are the days of relying on tools like MainWP or InfiniteWP to bulk manage your WordPress sites. With cPFence, you can now handle it all seamlessly with server-wide commands:
- cpfence --bulk-install-wp-plugin: Search and install any WordPress plugin using a name, ZIP file path, or URL to ZIP server-wide.
- cpfence --bulk-uninstall-wp-plugin: Deactivate and uninstall any WordPress plugin server-wide using the plugin slug.

Improved

Enhanced cPFence MU Plugin compatibility with multi-factor authentication (MFA) plugins.

leonardo

cPFence Configure the LiteSpeed plugin with Advanced presets and Redis enabled server-wide

Would it be possible to know what is within the advanced presets or it’s the “advanced preset” that can be selected within the LS plugin. Also Redis is enabled via LS plugin and not within the standalone Redis WP app? Would be maybe good (if not already) that Redis setup is skipped if Redis plugin already installed.

cPFence

leonardo

You can check the details of the "Advanced Presets" within the LS plugin settings in the WordPress admin panel—it’s essentially the recommended configurations by the plugin.

Regarding Redis, if you prefer using your custom Redis plugin, you should avoid using this tool as it’s hardcoded to activate Redis through the LS plugin. However, it’s generally recommended to use the built-in Redis functionality of LiteSpeed for simplicity and ease of management. With this setup, clearing the LiteSpeed cache also clears the Redis cache, ensuring everything stays synced with minimal effort.

That said, it ultimately depends on your preferences and how you’d like to manage your setup.

Also, please note that these are manual tools and are unrelated to the automatic features of WP-AutoShield, which operate independently to enhance site security.

Andreas

I just tested this. What was interesting, is after I ran the 2 commands, my website started to load this https://prnt.sc/Ff674vBj2g-B

I then ran cpfence --bulk-clear-litespeed-cache and now the site is loading up fine.

edit: ok spoke to soon. its doing it again https://prnt.sc/_WFfi2tMLmzv

cPFence

Andreas

This tool simply uses the built-in native WP CLI to activate the plugin and apply the "Advanced Presets" in bulk, saving you time. If your site isn’t compatible with the Advanced Presets for any reason, it’s best not to use the configuration tool for that particular site. Instead, use only the install tool and configure it manually from admin panel to your liking.

Andreas

cPFence yeah i figured it would be just that. I guess kadence starter sites are not compatible with Litespeed cache. Interesting. OK i will test another theme out.

« Previous Page Next Page »