WPIDS v0.1.2 officially released
We are pleased to announce the availability of WPIDS 0.1.2. WPIDS is a Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS.
The Plugin is able is able to detect attack strings and block them. This adds that needed layer of protection!
The latest version ships with PHPIDS version 0.4.7. The latest PHPIDS release fixes a number of false positives as well as now being able to detect even more attacks. The following bug fixes have occured within WPIDS code (to mention a few):
- XML-RPC is no longer blocked by default, it’s optional.
- Non English chararacters aren’t dropped anymore, allowing other languages. This initially broke the search facility.
- Each intrusion is now clearly visible and an error is displayed. In short, it looks alot cleaner and slicker!
Known bugs: Search engine traffic with HTTP_REFERER set generates logs. The login Page displays some errors about missing Cookie-Values. Both of them are harmless and will not cause any problems. They are not critical fixes and will be fixed in the next release (version 2).
This version will be a complete rewrite of the current Codebase, with the aim to make it more modular as well as to provide additional options. Some of the WP Lockdown’s plugin functionality will be modified as we have stumbled across problems running them concurrently.
The original release is available at phpids.org, a Full Package is ready for Download, or you can get your latest Copy from the Subversion.
If you encounter any Problems or you’ve got any feature Requests please put them into my Forum.
Random Posts
If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
Just in case. WP 2.3.3 with PHP 4.4.7 ( should be “running the Plugin with Lockdown active” as they stated for none-PHP 5.1.6 websites) reads “Plugin could not be activated because it triggered a fatal error.”
Interesting, I shall have a look at this. What’s the performance footprint? (typical run time in ms & how many queries it fetches?)
Good question but I’ve never tested it actually, for the runtime it should be a bit more than PHPIDS does: http://php-ids.org/2008/02/17/phpids-white-paper-published/
Queries are only done if something was found and will be logged into the database. Else it doesn’t use any Query at all.
[...] you surely recognized from php-ids.org and BlogSecurity.net already I made a new release of WPIDS. This release fixes several problems with the usability of [...]
Thx for the update - I love having this extra security enabled on my blogs and appreciate the work you’ve done on it. Thx again!
[...] while upgrading my WordPress blogs I installed WPIDS 0.1.2. WPIDS is a Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. [...]
Hi Philipp! ;)
What about a new update of this great tool??
The PHPIDS version included in the plugin is a bit outdated :(
(I wonder if replacing the IDS directory with the new version will work fine…)
Excellent work Phil! Keep it up. I think this project will become more and more popular as PHP5 becomes more wide spread.