November 19, 2019 at 6:58 am #7313AnonymousInactive
Alex, for the colld strage page, it would be possible to add a certain extra layer of security like a password to access to it?
What if I want to setup a remote colld strage, securely unknown from the install place?
Best regardsNovember 19, 2019 at 10:01 am #7316alexgKeymaster
I think that an extra layer of security doesn’t make much sense in this case. If someone can see the cold storage wallet, that means that they have the
manage_walletscapability, and thus they can already steal your funds. An extra pin will not stop them.
Any cold storage that you setup will be unknown to the installed plugin. Why do you think that this is not possible at the moment? A cold storage is simply another wallet, which could be a hardware wallet, software wallet, or even paper wallet. The only requirement is that you are able to transfer funds between the hot wallet and cold wallet. Otherwise these are not connected in any way.
Please let me know if I did not understand what you’re suggesting.
with regardsNovember 19, 2019 at 5:41 pm #7320AnonymousInactive
I understand your point Alex. It is just taht I am a fanatic about security and quality support and I was thinking about worst scenarios.
Imagine that someone fixes an eye on you and your business, and wants to steal you, he can do it anywhere with the only requirment of having you (as admin with the capability) in front of you, so you are vulnerable, the only thing needed in this case is connecting a hardware wllet for example and proceed to the storage.
According to this scenario, just a simple solution example I am having now. It is possible to give for a Super Admin role the capability of adding whitelisted IP’s for cold storaging? In case a super admin performs a cold sotrage process from a non whitelisted IP, an e-mail confirmation is sent both to the Super Admin and the Admin assigned for the whitelisted IP.
I think it is essential to ensure costumers, so if I am subcontracting a security company for this, the customers should be more confident.
The security in this case I thing it is really strenghted and more serious, don’t you think?November 20, 2019 at 7:28 am #7322alexgKeymaster
You are correct that security is a very important concern when you have a hot wallet connected to your site. A wallet can only ultimately protect the funds (hence the CS feature), it cannot do a WordPress security model in general.
If I were to try to roll my own IP filters on top of that of WordPress, it would break the separation of concerns principle: I would probably not do a very good job at it, and it would create many problems in edge cases. (Incidentally, this is also the reason why I don’t add two factor login features, password auditing, or other extra security features in the plugin.)
Instead, if you have decided that admins can only login from specific white-listed IPs, I suggest you use one of the existing WordPress security plugins to do this. For a good overview on all of the attack vectors that you should be worried about, see https://wordpress.org/support/article/hardening-wordpress/. Additionally, your host needs to be secure. If you’re managing the server yourself, you need to look up “hardening debian”, “hardening centos”, “hardening apache”, “hardening nginx”, or whatever software stack you’re using. If your server is managed, then this is partly what you pay your hosting provider for.
- You must be logged in to reply to this topic.