This is not a question but a post that needs suggestions -
In WP there should be a hook that fires before any DB connection is made.
Using this hook we can filter some requests which come to our website as bad bots or brute force attacks. Example - If someone tries to brute force our login pages via some script, even if the request has an invalid username or password, the attack will use many resources, as it will make a DB connection and a few default queries will run before the authentication check is made.
If there were a hook that fires before the DB connection, then there we could see if the username and password are present along with a hidden field in the login form (I will add a hidden field just to validate that the value matches when trying to log in). In a brute force attack we can check whether that hidden field is not present and then directly block the request.
As of now I have done it by adding code at the top of the wp-config.php file, and it is not making any DB connection, but I just wanted to see if there would be a hook for this; it would be great.
asked Aug 20, 2024 at 14:08 by Aftab

Comment: This seems like something that belongs on Core Trac as a feature suggestion. – Pat J, Aug 20, 2024 at 19:19
1 Answer
The problem with having a "hook" is that the add_action() function would not be defined that early so WordPress would have to be recoded so that the function is available much earlier.
Also to use an action hook you would need to add your code inside a theme or a plugin. WordPress must make database requests in order to load themes and plugins. So the code that hooks into this action would have to be added inside an MU plugin and again WordPress would need to be re-coded so that MU plugins load earlier.
I highly doubt WordPress would ever update to support this.
Bots, Brute Force attacks, DDoS...etc. This should all be managed server-side via your website's firewall. Not via PHP.
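The check the question describes (rejecting login POSTs that lack the hidden field, from the top of wp-config.php, before WordPress opens its database connection), as an added example that is not code from either poster or from WordPress. The secret, the field name `login_guard` and the one-hour window are assumptions; `log` and `pwd` are the field names of the stock WordPress login form; deriving the hidden value from an HMAC instead of a fixed string goes slightly beyond what the post describes.

```php
<?php
// Added example: placed at the top of wp-config.php, so it runs before
// wp-settings.php is loaded and before any database connection exists.
// LOGIN_GUARD_SECRET and the field name "login_guard" are hypothetical.
const LOGIN_GUARD_SECRET = 'replace-with-a-long-random-string';
const LOGIN_GUARD_FIELD  = 'login_guard';
const LOGIN_GUARD_WINDOW = 3600; // seconds a rendered login form stays valid

// Value the login form must carry for a given time bucket.
// Stateless: needs no database row and no session.
function login_guard_token(int $bucket): string
{
    return hash_hmac('sha256', 'login|' . $bucket, LOGIN_GUARD_SECRET);
}

// Returns true when the request may continue into WordPress.
function login_guard_allows(array $server, array $post, int $now): bool
{
    $isLoginPost = ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && basename($server['SCRIPT_NAME'] ?? '') === 'wp-login.php'
        && (isset($post['log']) || isset($post['pwd']));
    if (!$isLoginPost) {
        return true; // only credential submissions are filtered
    }

    $sent = $post[LOGIN_GUARD_FIELD] ?? '';
    if (!is_string($sent) || $sent === '') {
        return false; // POST sent without the hidden field
    }

    $bucket = intdiv($now, LOGIN_GUARD_WINDOW);
    // Accept the current and the previous bucket so a form loaded just
    // before the boundary still works; hash_equals() is constant-time.
    return hash_equals(login_guard_token($bucket), $sent)
        || hash_equals(login_guard_token($bucket - 1), $sent);
}

if (!login_guard_allows($_SERVER, $_POST, time())) {
    http_response_code(403);
    exit; // nothing below this line runs, so no DB connection is made
}
```

The form side, printing the hidden input with `login_guard_token()` for the current bucket, still has to run inside WordPress (for example from the `login_form` action) and is not shown. A client that loads the login form first receives a valid value, so this only filters blind POSTs and does not replace the firewall-level rate limiting the answer recommends.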
Tags: security. Title: Hook before DB connection is made