This plugin stores validation logs when Record “Logs” is enabled in Privacy and record settings section on Settings tab.
Contents in log
The followings are some of items that are stores in logs.
Following the HTTP method and the port, the requested path is recorded. RFC2616 (obsoleted by RFC7231) defines 8 method, i.e. GET, POST, PUT, DELETE, HEAD, OPTIONS, TRACE, CONNECT. The definitions says:
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered “safe”. This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
But in the real world, we can find a simple hyperlink (i.e. GET method) which takes an action other than retrieval.
Anyway, we’d better take care about what’s being done by a malicious request.
When a request submitted by POST method is blocked, keys in
$_POST environment variable are recorded into the log. The corresponded keys in “$_POST keys to be recorded with their values in logs” in Privacy and record settings section are deployed to their values in order to take a look at them.
The recommended keys are as follows:
This key is very popular in WordPress. It usually shows the process of doing something.
It shows the contents of comment posted to
The login name and password posted to
pwdwill be masked with
***when it comes from a logged in user.
It shows the contents of HTTP File Upload variables
$_FILESif POST method uploads was requested. (since 0.3.0.3)
The column “Result” shows the validation result as the following table describes:
|passed||passed through the validation|
|passUA||passed by menas of “UA string and qualification”|
|blocked||blocked by country|
|blockUA||blocked by menas of “UA string and qualification”|
|wp-zep||blocked by WP-ZEP|
|multi||blocked by XML-RPC multicall|
|badsig||blocked by Bad signatures|
|badbot||blocked by Badly-behaved bots and crawlers|
|extra||blocked by Extra IP addresses|
|failed||blocked by failed login attempt|
|limited||blocked by excess of limit login attempt|
|upload||blocked by forbidden MIME type|
|^||found unexpected attached files|
Independent of Privacy and record settings section, you can see all the requests validated by this plugin in almost real time.
Leave a Reply