Protect your site from automated logins efficiently!
| Author: | Svetoslav Marinov (Slavi) (profile at wordpress.org) |
| WordPress version required: | 2.6 |
| WordPress version tested: | 4.1 |
| Plugin version: | 1.0.0 |
| Added to WordPress repository: | 18-12-2014 |
| Last updated: | 18-12-2014
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 0 |
| Rated by: | 0 |
| Plugin URI: | http://club.orbisius.com/products/wordpress-p... |
| Total downloads: | 2 542 |
| Active installs: | 10+ |
 Click to start download |
|
This plugin logs and blocks IP address of users who try to login with known bad usernames such as admin, adm etc. The plugin intentionally hooks very early (plugins_loaded hook) in order to determine if the user should be blocked or not because that way WordPress doesn't have to waste resources if the user is supposed to be blocked. It stores the IP address in the uploads folder (.htaccess protected) so it doesn't hit the database for the ip checks. This may not work on some setups.
The user will get blocked in these cases: - Tries to login using one of the bad usernames (admin, adm, root, administrator) - Tries 7 or more ties to guess any password of any user
Note: If you still have an account whose username matches the logins mentioned above please create a new admin account and use that one instead .. or you will get banned when you attempt to login regardless if your password was valid or not.
When the user should be blocked the plugin outputs Internal Server Error message and stop. That way the attacked doesn't know what's happening. Also the user is has to wait between 3 and 15 seconds before seeing this error message to slow him/her down.
Features / Benefits
- Hooks very early and checks if the user is blocked -> blocks to saves resources
- Doesn't block server's ip or localhost / 127.0.0.1
- The plugin should be capable of detecting multiple IP address of a visitor (some proxies pass the original IP address via different request variable)
- If an IP is blocked that user is not allowed to access the whole site not just the login page.
- Extensible via hooks (filters, actions).
Screenshots
FAQ
ChangeLog