Below is a description of the advanced features of Pareto Security listed in the Advanced settings of the dashboard.
As stated, it is best not to use these features unless you know a thing or two about web security. 99% of what Pareto Security does, it does in its default settings, so you do not need to enable these extra features. Enabling them increases the possibility that legitimate users' IP addresses may get accidentally banned.
The first two features are enabled by default; you do not need to enable advanced filtering to enable these features.
- Hard ban attempts to attack the webserver: There are requests made to your webserver that can only be attempts to attack the server. These are prevented from executing, and the IP address where the request originated from is banned from accessing your website again.
- Hard ban attempts to inject malicious code into the database: The same as above except this separates out attempts to attack the database.
The rest are enabled by enabling advanced filtering:
- Hard ban injection attempts via browser user-agents: Every web browser sends a piece of information stating what type of browser it is. This can be spoofed by an attacker and can contain attack scripts to exploit your website. Many malicious requests spoofed in this manner are benign blind attempts; others are very serious attack attempts, and these serious ones are banned. There is however a tiny risk of banning the IP address of a legitimate user, so for this reason, and for all of the following features, it is best not to use these unless you know the risks.
- Advanced HTTP_HOST filtering: Aims to address this – https://expressionengine.com/blog/http-host-and-server-name-security-issues
- Soft Ban Bots: As stated above, not all bots are bad, but many are indicators of vulnerability scanners intent on mapping your website in preparation for an attack, so advanced mode will block any request to browse your website where the browser's user-agent is not a usual web browser. Soft ban means: block the request but don’t ban the IP address permanently.
- Advanced POST Filtering: In some earlier versions of PHP (versions older than 5.4) it is quite easy to carry out a denial of service attack via blind posting of data. These methods are not well known; one of them I discovered myself. However, if they were to become well known, it could get quite messy, since WordPress still recommends some versions of PHP older than 5.4.
- Domain Name Safe List: This is related to the Advanced HTTP_HOST filtering feature. When you first enable Advanced Filtering, the domain name of your website is registered as the official domain. This works in most instances; however, it will cause problems in rare cases.
- Filter login attempts: This feature compares the login username against the database list and blocks the request from continuing if the username is not registered. When the Hard Ban option is left disabled, this merely blocks the request; however, if Hard Ban is enabled, the IP address of the requester is added to a permanent ban list.
Again, there is no need to enable Advanced Filtering, and certainly do not enable the Hard Ban option if you do not know how to edit an .htaccess file.
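The following is an added example, not Pareto Security's own code, of the kind of check the Advanced HTTP_HOST filtering and Domain Name Safe List entries describe: the Host header is normalised and compared against a safe list. The function names, the sample values and the `www` alias are assumptions; the run shows one way a list holding only the registered domain can reject a legitimate request.

```php
<?php
// Added illustration; not Pareto Security's code. Function names are hypothetical.

/** Reduce a Host header to a bare lower-case hostname, or null if malformed. */
function normalise_host(string $raw): ?string
{
    $host = strtolower(trim($raw));
    // Hostname characters, optional trailing dot, optional :port. Anything else
    // (spaces, slashes, quotes, "@", IPv6 literals) is treated as malformed.
    $re = '/\A([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\.?(?::(\d{1,5}))?\z/';
    if (!preg_match($re, $host, $m)) {
        return null;
    }
    if (isset($m[2]) && (int) $m[2] > 65535) {
        return null; // port out of range
    }
    return $m[1];
}

/** 'allow' only when the normalised host is on the safe list; otherwise 'block'. */
function host_decision(?string $rawHost, array $safeList): string
{
    if ($rawHost === null) {
        return 'block'; // no Host header sent
    }
    $host = normalise_host($rawHost);
    return ($host !== null && in_array($host, $safeList, true)) ? 'allow' : 'block';
}

// Constructed sample values (example.com is a reserved documentation domain).
$samples = ['example.com', 'EXAMPLE.com:443', 'example.com.', 'www.example.com',
            'other-site.example', 'example.com/ extra', null];

$oneEntry  = ['example.com'];                    // only the registered domain
$withAlias = ['example.com', 'www.example.com']; // alias added by the site owner

foreach ($samples as $s) {
    printf("%-22s one-entry: %-5s  with-alias: %s\n",
        var_export($s, true),
        host_decision($s, $oneEntry),
        host_decision($s, $withAlias));
}
```

In a live request the first argument would be `$_SERVER['HTTP_HOST'] ?? null`, and a 'block' result here corresponds to a soft ban: the request is refused without adding the IP address to a permanent list.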