WP-Sentinel, is a plugin for the WordPress platform which will increase the security of your blog against attacks from crackers, lamers, black hats, h4x0rs, etc . The plugin will be loaded by wordpress before every other installed plugin and will execute some security checks upon incoming http requests and, when one of more requests turn on the system alarm, they will be blocked, the sentinel then will show a warning message to the user and send a notification email to the blog administrator with the whole attack details. Furthermore wp-sentinel will communicate with a centralized server to collect attackers data and build a ip address blacklist.
This plugin is able to block those kind of attacks :
- Cross Site Scriptings
- HTML Injections
- Remote File Inclusions
- Remote Command Executions
- Local File Inclusions
- SQL Injections
- Integer & string overflows
- Cross Site Request Forgery
- Login bruteforcing
- Flooding
- … and so on 🙂
WP-Sentinel will NOT check requests from the user logged in as administrator, so if you want to check the installation you have to log out first.