#infosec #WordPress Syspeace WordPress Reporter – Brute force protection detector for WordPress #owasp #security
Syspeace WordPress Reporter – Brute force protection detector for WordPress by Syspeace
What is the Syspeace WordPress Reporter?
Syspeace WordPress Reporter is used to collect relevant login data from your WordPress pages
login functionality. The collected data is sent to the Syspeace Web Detector which provides
Syspeace with login attempt information. This means that for the WordPress Reporter to work you
must have the Web Detector installed in Syspeace.
To prevent other websites running on the same server from sending login reports a Reporting Token is used in the Web Detector Reporter. A reporting token is a password-like feature that is set in Syspeace settings and that value needs to correspond with the reporting token sent by the Web Detector Reporter. Unless they match, the login report is ignored in Syspeace.
How to install the Syspeace Web Detector PHP Reporter
Download the SyspeaceDetectorSDK-v1 and unzip. The Detectors and addons are free and there are also other detectors provided for you to use in conjunction with web application logins for instance.
How to install:
1. Install the plugin like this:
Put the SyspeaceWordpressReporter.php file in wp-content/plugins/
The file is located in SyspeaceDetectorSDK-v1Web Detector ReportersPHP
2. Activate the plugin by going to the plugin tab of the WordPress admin panel, selecting the
Syspeace WordPress Reporter plugin and clicking Activate.
3. Go to the Syspeace Reporter Settings tab that has been added to your admin panel.
4. Set Reporting Token to the Reporting Token set in Syspeace’s settings
5. Set Website to the name of the website
6. Click Update
How to use the Syspeace WordPress Reporter
To use the WordPress Reporter, simply go to Syspeace Reporter Settings and set Reporter Token to
the Reporting Token set in Syspeaces settings and set Website to the site name you want in the log
Once you have implemented the plugin on your website we suggest that you test i
t by making both failed and successful login attempts. You can then verify if the login attempts are recorded by checking the Syspeace Access Log under Settings Access Log in Syspeace.
What the Syspeace Web Detector PHP Reporter requires
The server running WordPress must have Syspeace installed so you would need to be running a selfhosted WordPress on a Windows Server
You will be required to install a Web Detector Provider in Syspeace as mentioned under
What is Syspeace WordPress Reporter
Additional free brute force plugins by Syspeace
In the .zip file there are also other plugins and documentation on how to write your own Syspeace Detectors and our goal is to release more detectors as they’re written by us or by our Syspeace users around the world.
By Juha Jurvanen @ JufCorp