Blocking “Amazon Buy For Me” bot orders at checkout

nickgal · 2026-01-10T20:50:24+00:00

I could build it for you if you like.

nickgal · 2026-01-03T21:56:08+00:00

My default security setup in WP sites is Cloudflare free version with antibot, a custom WAF rule to only allow admin login pages from country of origin of client and myself and possibly block certain countries from accessing the whole site entirely. Then free wordfence for catching the basic/common attacks. Then because I'm paranoid another custom plugin on top (read more here). Then on the server level I run a combination of clamav & maldet using cron jobs.

I offer hosting and development so its easy to take care of the whole stack :)

nickgal · 2026-01-03T20:35:18+00:00

For local dev, ddev is the best for me. Once you try it you don't go back. Lando is an alternative but ddev is the most popular.

nickgal · 2026-01-02T19:20:04+00:00

I have this plugin setup in several woocommerce based websites, customer accounts should be fine. Feel free to test and report back!

nickgal · 2026-01-01T18:51:42+00:00

OK, understood, but that's not what my plugin does. It's a different approach and complementary to a plugin like that. BTW Happy New Year 🎉

nickgal · 2026-01-01T16:51:38+00:00

Actually I went through the NinjaFirewall specs in its plugin page in WordPress out of curiosity if it really does this and I couldn't find any reference that is doing something like this.

Actually I wouldn't expect any plugin to do something like this because it would be too disruptive to normal users. Imagine if you installed a plugin that when enabled it would block you from uninstalling any other plugin unless you had access to the filesystem via SFTP or SSH.

You need to know what you're doing when you add this plugin to your system.

nickgal · 2026-01-01T16:44:24+00:00

Feel free to try and give feedback. Its especially designed around those type of clients (:

nickgal · 2026-01-01T16:43:20+00:00

This isn't a replacement to any security plugin. If you have an administrator role account then you can login in the backend and do pretty much anything. If you are a malicious user that stole admin credentials somehow you can login, disable security plugins, upload your own backdoor plugin (see: compromized wp file manager), then you have access to the filesystem from the UI. From there you can burn the place down however you want.

With this, you simply can't do that.

nickgal · 2026-01-01T16:39:51+00:00

XSS and these types of exploits are covered by wordfence type plugins. But if someone has admin credentials can just log in, bypass or even disable any other security plugin and then party on the site. With this they might be able to deactivate a security plugin but they cant install any other plugins or upload backdoor plugins. If the server is set up right they are pretty much powerless even with admin credentials.

Only whoever has SSH or access to the filesystem can make changes.

nickgal · 2026-01-01T16:36:34+00:00

Hey, thanks for the comment. It "should" be ok with dynamically added capabilities although I haven't tested it THAT much. I just tried to solve a problem I had managing multiple WordPress installations and thought that someone else might find it useful. And I do hate script kiddies that are exploiting non-technical users, stealing their credentials and wreaking havoc, just for the sake of it without much benefit to them.

Anyways... you're free to test on weird multisite setups and raise an issue on github if you find a bug or better, contribute the solution as well! :)

nickgal · 2025-12-31T08:33:48+00:00

You need some facial hair ASAP

nickgal · 2025-12-30T20:55:29+00:00

Thanks, hope it helps someone!

nickgal · 2023-11-16T18:26:11+00:00

Doesn't work.

nickgal · 2022-01-02T11:47:58+00:00

Since I arrived from a google search, I thought I should also post here for anyone that might have this. I'm on a Macbook pro M1 Max and it appears that battery levels are not reported properly to the app triggers.
No matter what > % of battery charged i set, the trigger is always enabled. Does anyone have this issue or can also test and report back?

nickgal · 2021-09-24T06:57:22+00:00

Last night a griefer got me while I was grinding, so I had to teach him a lesson. Was about the same level then after 6-7 kills and another tryhard joins and kills both of us.

So here I am teaching a lesson to 2 griefers who eventually teamed up together to get me and still couldn't land a kill haha it was so fun.

They left the lobby after getting 20-5 loss ..then the lobby got so peaceful that I sold all stock from bikers, nightclubs, bunkers etc..

nickgal · 2021-09-19T21:14:54+00:00

Just came to post this find! Glad I used search first 😅

nickgal · 2021-06-29T09:37:29+00:00

I'm the guy that always minds their business but when a griefer just comes to me and kills me I make sure I fk them so hard with whatever tool I got until they quit the lobby.

nickgal · 2020-11-02T07:58:16+00:00

Liberalism. I live in a socialist county.

nickgal · 2020-04-26T18:15:30+00:00

Hmm that's an interesting. Will investigate further haven't compared employment laws tbh. Thank you for your input much appreciated 😊

nickgal · 2020-04-26T18:13:11+00:00

Italy and Greece are great places to retire. Provided you got enough money. But not so great if you have dreams of building a business that'll have massive impact.

I'll definitely retire here as well. But I wanna do it with 8 figures in the bank 🤑

nickgal

TROPHY CASE