WordPress security plugins that hide the source of blocking

Posted July 22nd, 2014 in Tech Corner. Tags: , .

We often get reports from customers saying they’ve been blocked from their WordPress sites with a strange generic error message or blank page.

When we investigate, it’s common to find that it happened because they installed a security plugin that has made a mistake — a “false positive” — and blocked the site owner.

No software is perfect, but what makes these situations worse is when the plugin intentionally uses a generic error message (or blank page) instead of clearly identifying the source of the blocking. This makes it difficult to find the cause and wastes a great deal of everyone’s time. (We do lots of blocking ourselves to try to keep sites secure, but we always clearly identify the fact that we added the block on the resulting page.)

We’ve got a list of plugins that do this. We recommend avoiding these plugins; each of them has generated multiple complaints to us of site owners being locked out of their own sites and not knowing what’s happening. (We’ll gladly remove any plugin from that list if the authors make sure their error messages identify the source of blocking so people can easily identify the source of any problems.)

  1. Recent Posts

    1. PHP versions 8.2.17 and 8.3.4
    2. President’s Day 2024 holiday hours
    3. PHP versions 8.1.27 and 8.2.15
    4. Martin Luther King, Jr. Day 2024 holiday hours
    5. New Year’s 2024 Holiday Hours
    6. Christmas 2023 Holiday Hours
    7. Brief scheduled maintenance December 16-17, 2023
    8. Thanksgiving 2023 Holiday Hours
    9. PHP versions 8.1.25 and 8.2.12
    10. PHP versions 8.1.24 and 8.2.11

  2. Categories

  3. Tags

    all servers email holiday hours linux mailman maintenance mod_security mysql network php phpmyadmin security server updates spam ssl status updates webmail wordpress zapp

  4. Feeds