WP-Sentinel

A wordpress security system plugin which will check every HTTP request against a given set of rules to filter out malicious requests.

Author:Simone Margaritelli aka evilsocket (profile at wordpress.org)
WordPress version required:2.8
WordPress version tested:3.3.2
Plugin version:2.0.3
Added to WordPress repository:28-09-2010
Last updated:03-02-2012
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %:52
Rated by:5
Plugin URI:http://lab.evilsocket.net/
Total downloads:23 277
Active installs:80+
plugin download
Click to start download

WP-Sentinel, is a plugin for the WordPress platform which will increase the security of your blog against attacks from crackers, lamers, black hats, h4x0rs, etc . The plugin will be loaded by wordpress before every other installed plugin and will execute some security checks upon incoming http requests and, when one of more requests turn on the system alarm, they will be blocked, the sentinel then will show a warning message to the user and send a notification email to the blog administrator with the whole attack details. Furthermore wp-sentinel will communicate with a centralized server to collect attackers data and build a ip address blacklist.

This plugin is able to block those kind of attacks :

  • Cross Site Scriptings
  • HTML Injections
  • Remote File Inclusions
  • Remote Command Executions
  • Local File Inclusions
  • SQL Injections
  • Integer & string overflows
  • Cross Site Request Forgery
  • Login bruteforcing
  • Flooding
  • ... and so on 🙂

WP-Sentinel will NOT check requests from the user logged in as administrator, so if you want to check the installation you have to log out first.


FAQ
ChangeLog