1) Enhancement: Would like to be able to do immediate ban of an IP with a specific login name. Like anyone who tries to login as ‘admin’ gets immediate ban.
2) Enhancement: Shared IP ban list. Would like to have my list augmented with the auto-generated IP list of other Defender users. I don’t want to have to filter through login ban logs with IPs that everyone else is seeing too. To ensure that the IPs are good, the shared list should only include IPs that have been added to at least 5 other independent ban lists.
3) Enhancement: IP lockout list: Allow filtering out failed attempts for specific user names. I have pages of failed attempts for a specific name which appear to be coming though spoofed/proxy servers. I want to build a list of names and continue to remove them from my view. So, eliminate all admin. Then I see admin1, eliminate those. Then I see manager, eliminate those…
4) Enhancement: Detection of proxies. I know this is tough but I have page of results from failed attempts to login with a specific user name like ‘bob’, all from different IP addresses. Rather than detecting all of the individual IP addresses, let’s try to block out specific proxy servers. We might lose some legitimate traffic but for some sites that’s a small price.
5) Enhancement: IP lockout list: When sorted by IP, going to page 2 returns unsorted data. Each page should progress through the same sorted list.
6) Enhancement: Auto ban of page requests for plugins that aren’t installed. These are obviously hack attempts. Example: “Request for file amrusersfront.css?ver=3.1 which doesn't exist”. Since I don’t have the AMR-Users plugin installed this is obviously a probe.
7) Enhancement: IP lockout list: Ability to copy the full path referenced by a description. The path is available in a tooltip which displays on mouseover, but I want to copy/paste this data for other handling.
8) Enhancement: Auto-lockout of requests for ?author=N. On my blog there is only one author and requests for another ID are obviously probes. Maybe the best way to approach this is a user-configurable whitelist/blacklist of requests matching specific regex patterns.
9) Enhancement: IP lockout list: Sort by detail
10) Enhancement: IP lockout list: Export to CSV
11) Enhancement: Compatibility checking with other plugins. This is a procedural request. Rather than asking for Defender to get enhanced with a lot of features found in other plugins, I don’t mind using other plugins. I just don’t want conflicts. Please pro-actively check with other developers and run other plugins to ensure there aren’t conflicts with Defender. Specifically, I just activated UP Geo Block, which seems to be a perfect companion to Defender.
12) Enhancement: Please add ability to batch email notifications into a readable bundle where we can get one email at the end of the day for all sites in our Hub. Defender is very chatty.
1) Bug: IP lockout list: Sometimes clicking the up/down column sort on IP returns the JSON dump of data rather refreshing the list. Example of a URL that gets returned with JSON:
2) Bug? Refinement? : I get a lot of warnings for page requests like “/blog/category/tech/page/16”. This is apparently a bot that’s scanning through incrementing pages, where page 15 was the last valid page. I don’t think we care about “defending” against this common site scraping, so it probably shouldn’t be reported. So I suggest not taking action against invalid “/page/Z” requests unless they are repeated/excessive.