Showing results for tags 'security'.

  1. Presentation: Originally developed by Jeff Starr, Blackhole is a security plugin which traps bad bots, crawlers and spiders in a virtual black hole. Once the bots (or any virtual user!) visit the black hole page, they are blocked and denied access for your entire site. This helps to keep nonsens...
  2. Plenty of posts on the forum relating to Content Security Policy (CSP) and how to integrate it with Processwire. It's not too hard to implement a decent htaccess CSP that will get you a solid B+ at Mozilla Observatory. If you're after A+ it's a little harder because of all the back-end stuff....
  3. I've been working with ProcessWire for a while now, and I've noticed that using Composer to manage dependencies and autoload external libraries isn't as prevalent in ProcessWire development as in other areas of PHP programming. I started out by using the default setup recommended in this blog post. How...
  4. Hey folks, I am currently building a module where the user can input CSS code inside an InputfieldTextArea on the module configuration. Normally I would just let the user insert a path to a file, but in this case I want the user to be able to insert CSS code. I am outputting the value of...
  5. Hello forum, this is my first security related post, so I'm a bit of a newbie. I understand that when I have direct front-input from user I should sanitize the input, but how about when I use a secret key for showing an API for a third-party supplier? Should I sanitize the input->get() key?...
  6. Hi, I would like to set an admin template to 'https only' as recommended in the Processwire security docs. However if I do this it forces this setting locally too, resulting in https://localhost requests which result in an error page. Is there a simple way round this? Setting https fo...
  7. Dear PW Community Let me shout out my question here, I really don't know where to start and hope someone can give me a hint or tell me to resign and go home and cry. I want to create a subpage that is only accessible to people with unique access codes. It's gonna be an online concert strea...
  8. Hi guys and ladies! And thanks for Processwire! It appears I've got an interesting issue concerning the template-settings-based PW redirects dealing with access control. Any PW template has some access control options i.e. "Login redirect URL or page ID to render". If this option is used for a...
  9. What's the best process for adding another user with TfaTotp 2FA? Just using it for the first time. Should I supply them with the secret when I first create their account? Seems like a security risk? Otherwise how do I create a 2FA user and let them log in for the first time?
  10. We have many booking calendars made with ProcessWire (own databases) and I want to do a web app (SQL) which allows users to log in. First, the user chooses the right calendar and then (s)he has to log in. The user can be from any of those calendars and the app is not running on ProcessWire (it can i...
  11. Greetings. I would like to restrict access to certain sections of my organization's ProcessWire site using pubcookie. We are rolling out Shibboleth authentication later this year but for now, it seems I can only make use of our institution's single sign-on routine by utilizing rules in an .htaccess...
  12. Hi all, Apologies if this has been asked in the past. We have a test site set up and running on HTTPS with redirect from HTTP. The site is protected from DDoS and arbitrary malicious attack by CloudFlare. From what I can see the administrative login page is still vulnerable to dictionary attacks...
  13. The 2018 Guide to Building Secure PHP Software
  14. HELLO! Anyone ever used Authy.com or Google Authenticator on their ProcessWire projects?
  15. Hi, I'm new to PW and like it a lot so far. With most WordPress and Drupal websites there are frequent updates to core & plugins, some of these are security releases so I tend to install any updates ASAP. When supporting many websites this update fatigue is pretty tiresome. What is your up...
  16. Hi, I posted a question on Stack and as yet not got an answer that is something novel. I'm interested to know if this worries anyone else and whether we can do something about it. So here goes: If a user logs in to your online service, let's say a job posting site, they give you an emai...
  17. Hey guys, I'm building a module to keep a user logged in until manual logout. I know about Login Persist, but this one stopped working for me a while ago and it might not even be compatible with pw3 (haven't tested this) as it hasn't been updated for 3 years. Anyways, the module works, and...
  18. Hi all guys! I've a BIG problem here and hope you can help me to solve it. Suddenly yesterday my PW installation stopped letting me log in. I can access the front-end, but each time I try to log into the back-end it gives me "This request was aborted because it appears to be forged."...
  19. For an inherited site, I have a section in the ProcessWire admin section with Tools and Settings as children. Unfortunately, I don't have access to these, even as admin. I know this is controlled in the database, but I don't see any way to change the permissions. Through some research, looks like yo...
  20. Hi, I just noticed that when I disable the X-Powered-By header, the header remains with a blank value. Why is that? I did a couple of tests, ran header check tools, and all the tools I tested show me the X-Powered-By header with a blank value. Chrome also shows it that way, but Firefox removes it if it doesn't have...
  21. I'm working on a website for a client using Processwire. The client had some questions concerning security that I'm not able to answer so I hope you guys can help me out. In general I was wondering if there are any logs about bug fixes and security updates. Has Processwire ever been hacked? And h...
  22. Hello, Here is a security related feature request. I am having more and more use of $page->id as a GET or POST parameter, for various workflows in frontend site. Processwire itself is making use of it at some places related to frontend, e.g. for comments submission workflow. My problem is: Th...
  23. Hello! I'm quite new to Processwire. Currently I'm selling my first Processwire based site to a customer. She is thrown out of the admin interface often. The session logs, which are attached, are showing that her IP changes to 0.0.0.0 periodically. She is using Mac OS X Lion with the bundled Safari...
  24. Since I am logging 404 requests I recognize very often requests searching for potential security gaps (mostly targeting at other CMSs like wordpress). I am not a specialist in this complex theme. Beside the security docs: https://processwire.com/docs/security/ I would like to have a subforum 'securi...
  25. Hi I am currently experimenting with Google Polymer / Web Components, which relies on html-imports. I noticed that Processwire's .htaccess blocks access to .html files in the template folder. # Block access to any PHP or markup files in /site/templates/ RewriteCond %{REQUEST_URI} (^|/)(sit...