forked from WPPlugins/goodbye-captcha
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathreadme.txt
418 lines (308 loc) · 15.6 KB
/
readme.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
=== WPBruiser {no- Captcha anti-Spam} ===
Contributors: mihche
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XVC3TSGEJQP2U
Tags: captcha, antispam, anti-spam, spam, mailpoet, antispambot, brute force, comment spam, jetpack contact form, contact form 7, ninja forms, formidable forms, wp bruiser
Requires at least: 3.5
Tested up to: 4.7
Stable tag: 3.1.5
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
An extremely powerful antispam plugin that blocks spam-bots without annoying captcha images.
== Description ==
**WPBruiser (formerly GoodBye Captcha) is an anti-spam and security plugin based on algorithms that identify spam bots without any annoying and hard to read captcha images.**
WPBruiser completely eliminates spam-bot signups, spam comments, even brute force attacks, the second you install it on your Wordpress website. It is completely invisible to the end-user - no need to ever fill out a Captcha or other "human-detection" field ever again - and it just works!
Unlike other anti-spam plugins, which detect spam comments and signups after the fact and move them to your spam folder, which you then have to delete - using up not only your website's resources, but your time as well, WPBruiser prevents the bots from leaving spam in the first place. The result is that your site is not only spam free, it's faster and more secure.
In addition, WPBruiser is completely self-contained and does not need to connect to any outside service. Your logins remain yours, 100%.
WPBruiser fights Brute Force attacks and eliminates spam-bots on comments, signup pages as well as login and password reset pages. At the click of a button, you can decide which forms to protect.
= Summary of WPBruiser features =
* Standard WordPress Login form integration
* Standard WordPress Register form integration
* Standard WordPress Forgot Password form integration
* Standard WordPress Comments form integration
* Ability to set the maximum number of characters for each comment field
* Logging with the ability to enable/disable it
* Automatically Block IP Addresses
* Automatically purge logs older than a certain number of days
* Manually white-list trusted IP Address (IPV4 and IPV6)
* Manually block/unblock IP Addresses (IPV4 and IPV6)
* Properly detects client IP Address when using CloudFlare, Incapsula, Cloudfront, RackSpace, Sucuri CloudProxy, AWS ELB
* Provides statistics, reports, maps and charts with all blocked spam attempts
* No requests to external APIs
* Can be switched to "Test Mode" - for testing
* Compatible with WordPress Multisite - network admin interface ready
* Compatible with cache plugins (WP Super Cache, W3 Total Cache, ZenCache, WP Fastest Cache and others)
* Invisible for end users (works in the background)
* Does not affect page loading times
= Brute Force Protection =
* Automatically detects Brute Force attacks
* Ability to automatically block IP Addresses
* Prevents User Enumeration
* Ability to block most dangerous IP addresses involved in brute force attacks
* Ability to block most dangerous Anonymous Proxy IP addresses including TOR Networks, TOR Nodes and TOR Exit Points
* Ability to Completely Disable XML-RPC service - **it seamlessly works with Jetpack plugin activated**
* Ability to Disable XML-RPC Pingbacks
* Email notifications when a Brute Force Attack is detected
<blockquote>
<h4>WPBruiser Available Extensions</h4>
<p>WPBruiser is integrated with the most popular plugins</p>
<dl>
<dt>Contact Forms Extensions</dt>
<dd>
<ul>
<li><a href="http://www.wpbruiser.com/downloads/contact-form-7/"><strong>WPBruiser - Contact Form 7</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/gravity-forms/"><strong>WPBruiser - Gravity Forms</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/ninja-forms/"><strong>WPBruiser - Ninja Forms</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/formidable-forms/"><strong>WPBruiser - Formidable Forms</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/fast-secure-contact-form/"><strong>WPBruiser - Fast Secure Contact Form</strong></a></li>
<li><a href=""><strong>WPBruiser - Jetpack Contact Form (FREE - merged into the core)</strong></a></li>
</ul>
</dd>
</dl>
<dl>
<dt>Membership Extensions</dt>
<dd>
<ul>
<li><a href="http://www.wpbruiser.com/downloads/buddypress/"><strong>WPBruiser - BuddyPress</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/memberpress/"><strong>WPBruiser - MemberPress</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/userpro/"><strong>WPBruiser - UserPro</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/upme/"><strong>WPBruiser - User Profiles Made Easy</strong></a></li>
<li><a href=""><strong>WPBruiser - Ultimate Member (FREE - merged into the core)</strong></a></li>
</ul>
</dd>
</dl>
<dl>
<dt>eCommerce Extensions</dt>
<dd>
<ul>
<li><a href="http://www.wpbruiser.com/downloads/woocommerce/"><strong>WPBruiser - WooCommerce</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/easy-digital-downloads/"><strong>WPBruiser - Easy Digital Downloads</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/affiliatewp/"><strong>WPBruiser - AffiliateWP</strong></a></li>
</ul>
</dd>
</dl>
<dl>
<dt>Email Subscriptions Extensions</dt>
<dd>
<ul>
<li><a href="http://www.wpbruiser.com/downloads/mailpoet/"><strong>WPBruiser - MailPoet</strong></a></li>
<li><a href="http://www.wpbruiser.com/downloads/easy-forms-for-mailchimp/"><strong>WPBruiser - Easy Forms for MailChimp</strong></a></li>
</ul>
</dd>
</dl>
<p><a href="http://www.wpbruiser.com/extensions/" title = "WPBruiser Extensions">View all WPBruiser Extensions</a></p>
</blockquote>
**WPBruiser is also integrated with the following plugins:**
* **Postmatic** (https://wordpress.org/plugins/postmatic)
WPBruiser offers protection for the entire email commenting system
* **Epoch** (https://wordpress.org/plugins/epoch)
WPBruiser offers protection for the entire chat and commenting system
* **wpDiscuz** (https://wordpress.org/plugins/wpdiscuz/)
WPBruiser offers protection for the entire commenting system
* **MailChimp for WordPress** (https://wordpress.org/plugins/mailchimp-for-wp)
WPBruiser offers protection for all forms the user will create with MailChimp
* **Ultimate Member** (https://wordpress.org/plugins/ultimate-member)
WPBruiser offers protection for Login, Registration and Reset Password forms
* **Jetpack by WordPress** (https://wordpress.org/plugins/jetpack)
WPBruiser offers protection for JetPack Contact Form
* **ZM Ajax Login & Register** (https://wordpress.org/plugins/zm-ajax-login-register)
WPBruiser offers protection for Login and Registration forms
* **Login With Ajax** (https://wordpress.org/plugins/login-with-ajax)
WPBruiser offers protection for Login, Registration and Lost Password forms
* **WP User Control** (https://wordpress.org/plugins/wp-user-control)
WPBruiser offers protection for Login, Registration and Lost Password forms
* **PlanSo Forms** (https://wordpress.org/plugins/planso-forms/)
WPBruiser offers protection for all forms
* **Theme My Login** (https://wordpress.org/plugins/theme-my-login)
WPBruiser offers protection for Login, Registration and Lost Password forms
* **Seamless Donations** (https://wordpress.org/plugins/seamless-donations)
WPBruiser offers protection for the donation form
= Technical support =
If you notice any problems by using this plugin, please notify us and we will investigate and fix the issues. Ideally your request should contain: URL of the website (if your site is public), Php version, WordPress version and all the steps in order to replicate the issue (if you are able to reproduce it somehow)
= Donate =
If you find this plugin useful, please consider making a small [donation](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XVC3TSGEJQP2U). Thank you
== Installation ==
= Option 1 =
1. Download the zip file from WordPress plugin directory,
2. Unzip and upload all the files to the /wp-content/plugins/goodbye-captcha/ folder from your server,
3. Activate the plugin from WordPress Dashboard
= Option 2 =
1. Download the zip file from WordPress plugin directory,
2. Login into the administration panel,
3. Go to Plugins --> Add New --> Upload,
4. Click Choose File (Browse) and select the downloaded zip file,
5. Activate WPBruiser plugin
= Option 3 =
1. Login into your WordPress site,
2. Choose Plugins --> Add New,
3. Search for WPBruiser,
4. In the results page, click Install Now. (depending on your server, you might need to provide credentials for download),
5. Activate WPBruiser
After installation, a WPBruiser menu item will appear in the Settings section. Click on this in order to view plugin's administration page.
== Frequently Asked Questions ==
= How do I know is working? =
Just switch the plugin to Test Mode and start testing it yourself. The Administrator will receive email notifications.
If something is not working as expected, a warning message will be shown.
= Is WPBruiser safe? =
Yes. The algorithm behind the plugin was fully tested and there is no way a spider or robot can spam your sites.
= What forms can be secured by using WPBruiser WordPress plugin? =
All standard WordPress forms(Login, Register, Comment and Forgot Password) can be secured by using WPBruiser plugin.
= Are there any php extensions that need to be activated so this plugin could work? =
No. The plugin runs 100% without activating any additional php extensions.
= Does WPBruiser help me to block ip of the spammers? =
Yes. Starting with WPBruiser version 1.1.0, this feature is available.
= Does WPBruiser recognize IPV6 addresses and is it possible to block them? =
Yes. Starting with WPBruiser version 1.1.0, IPV6 is recognized and the administrator can block it with a single click.
= Why captcha is not user friendly? =
Studies shown that visual CAPTCHAs take around 5-10 seconds to complete and audio CAPTCHAs take much longer (around 20-30 seconds) to hear and solve.
== Screenshots ==
1. WPBruiser - Settings
2. WPBruiser - Security
3. WPBruiser - Security - WhiteList IP Address
4. WPBruiser - Security - BlackList IP Address
5. WPBruiser - WordPress
6. WPBruiser - Tweaking WordPress
7. WPBruiser - Protect Jetpack Contact Form
8. WPBruiser - UltimateMember protection
9. WPBruiser - Other plugins integrations
10. WPBruiser - Report - Blocked Comment
11. WPBruiser - Report - Block IP Address
12. WPBruiser - Report - By Location - Distribution
13. WPBruiser - Detailed Report
== Upgrade Notice ==
A plugin vulnerability reported by Wordfence team. This update is highly recommended!
Refreshed Country IPs, WebAttackers IPs and Proxy IPs
== Changelog ==
= 3.1.5 =
**Improvements**
- Refreshed Country IPs
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
**Fixes**
- A plugin vulnerability reported by Wordfence team
= 3.1.4 =
**Fixes**
- PHP7 warnings
**Improvements**
- Refreshed Country IPs
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
= 3.1.3 =
**Improvements**
- Prevent oEmbed and WP Rest API user enumeration.
= 3.1.1 =
**Fixes**
- Compatibility with MailChimp for WP version 4.0.4 and up.
= 3.1 =
**Fixes**
- Compatibility with MailChimp for WP version 4.0.6 and up
- Compatibility with WordPress MU Domain Mapping plugin
- Fixed Password reset protection for WooCommerce
- Refreshed Country IPs
= 3.0.15 =
**Improvements**
- Compatibility with Avada theme
- Refreshed Country IPs
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
= 3.0.14 =
**Fixes**
- Fixed the issue when protection for WooCommerce registration form was conflicting with protection for Standard WordPress registration
= 3.0.12 =
- Refreshed Country IPs
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
**Improvements**
- Improved loading speed
- Improved detection algorithm
= 3.0.11 =
**Improvements**
- Improved proxy detection feature
= 3.0.10 =
- Refreshed Country IPs
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
**Additions**
- Ability to register trusted proxy headers
- Email Notification when a user with Admin Capabilities has signed in
**New Premium Extensions**
- [Country Blocking Extension](http://www.wpbruiser.com/downloads/country-blocking/)
- [Easy Forms for MailChimp Extension](http://www.wpbruiser.com/downloads/easy-forms-for-mailchimp/)
- [Easy Digital Downloads Extension](http://www.wpbruiser.com/downloads/easy-digital-downloads/)
- [AffiliateWP](http://www.wpbruiser.com/downloads/affiliatewp/)
= 3.0.9 =
Fixing repository issues
= 3.0.7 =
- Refreshed Country IPs
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
= 3.0.6 =
Fixed corrupted files from WordPress Repository
= 3.0.5 =
- Fixed JavaScript error -
[Uncaught TypeError: Cannot read property 'call' of undefined](https://wordpress.org/support/topic/uncaught-typeerror-cannot-read-property-call-of-undefined)
Thanks to [James Revillini](https://wordpress.org/support/profile/jrevillini)
= 3.0.4 =
**Fixes**
- W3TC refresh cache notice - reported by [Todd and roxchou](https://wordpress.org/support/topic/w3tc-empty-page-cache-message-always-on-when-activating-wpbruiser)
- bbPress menu disappear when WPBruiser is active - reported by [N3k0](https://wordpress.org/support/topic/bbpress-menu-dissapair)
**Additions**
- Integration with [wpDiscuz](https://wordpress.org/plugins/wpdiscuz)
- [WooCommerce Extension](http://www.wpbruiser.com/downloads/woocommerce/)
= 3.0.3 =
**Fixes**
- Compatibility with Query Monitor plugin
- Block Web Attackers IPs and Block Anonymous Proxy IPs options are getting deactivated
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
= 3.0.2 =
- Removed jQuery dependency
- Added protection for Ultimate Member Modal Login
- Compatibility with WordPress 4.5 for Max Comments Fields Length
- Refreshed Country IPs
- Refreshed WebAttackers IPs
- Refreshed Proxy IPs
= 3.0.1 =
**Improvements**
- Ability to set up the Fields Maximum Length for each comment form field
- Added Extensions page
- Added `languages` folder to support translations
- Added a new filter `wpbruiser-scripts-in-head` - to explicitly render WPBruiser's script in head or footer
= 3.0 =
- Added IPv4 to country lookup
**Introducing premium extensions**
- [Contact Form 7](http://www.wpbruiser.com/downloads/contact-form-7/)
- [Gravity Forms](http://www.wpbruiser.com/downloads/gravity-forms/)
- [Ninja Forms](http://www.wpbruiser.com/downloads/ninja-forms/)
- [Formidable Forms](http://www.wpbruiser.com/downloads/formidable-forms/)
- [Fast Secure Contact Form](http://www.wpbruiser.com/downloads/fast-secure-contact-form/)
- [BuddyPress](http://www.wpbruiser.com/downloads/buddypress/)
- [MemberPress](http://www.wpbruiser.com/downloads/memberpress/)
= 2.2.2 =
- Removed the MaxMind GeoIP Databases due to the licensing terms violation
= 2.2.1 =
- Fixed MySql error reported by [WHSajid](https://wordpress.org/support/topic/wp-db-error-2)
= 2.2.0 =
- Fixed issue when WPBruiser blocks post requests from some Amazon proxy servers
- Fixed blocked content extra slashes
- Improved Brute Force attacks detection
- Refreshed dangerous IPs lists
= 2.1.0 =
- Now GoodByeCaptcha is WPBruiser
- Fixed Disable Trackbacks/Pingbacks issue reported by [sixer](https://wordpress.org/support/topic/disable-trackbacks-pingbacks-disables-login-from-android-wp-app)
- Added compatibility with WP Deferred JavaScripts plugin
- Fixed warning notice reported by Sucuri
= 2.0.1 =
**Fixes**
- Compatibility with Login With Ajax plugin
- Compatibility with Google Apps Login plugin
- Compatibility with WP-Rocket plugin
- Compatibility with Autoptimize plugin
- Compatibility with Theme My Login plugin
= 2.0 =
**Additions**
- New admin interface
- Network admin interface
- Brute-Force protection
- White-list IPs
- Black-list IPs
- WordPress tweaks