Protects your WordPress site from DDoS and brute-force attacks. Ingeniously simple and VERY effective.
Author: Aimbox (profile at wordpress.org)
WordPress version required: 3.5.2
WordPress version tested: 4.9.4
Added to WordPress repository: 01-07-2016
Total downloads: 20 682
Active installs: 3 000+
How does the plugin work?
The plugin starts working right after you install it. It relies on a very simple idea: when a real user accesses the login page, the plugin sets a validation cookie for this user. After the user submits the login form, the plugin checks whether the cookie is present and correct. If so, the user is allowed to log in. Otherwise the user gets bounced off. Since malicious bots attack the WordPress login page directly, they don’t get the protection cookie and hence always get bounced off. Moreover, validation happens at the server level BEFORE WordPress is even accessed (via the .htaccess file), so no load is directed to WordPress at all. The secure cookie is encrypted and unique for every site, so the bots can’t falsify it. Simple and effective!
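A sketch of the server-level check described above, as an added example that is not the plugin's own generated rules. It assumes Apache with mod_rewrite, WordPress installed at the site root, and placeholder cookie name and value (`COOKIE_NAME`, `COOKIE_VALUE`); it answers a failed check with 403, which may differ from how the plugin responds.

```apache
# Added illustration, not the rules this plugin writes.
# COOKIE_NAME / COOKIE_VALUE are placeholders for the per-site random
# cookie name and secret value that the application sets on GET requests.
<IfModule mod_rewrite.c>
RewriteEngine On

# Only form submissions are checked; GET requests must pass through,
# because that is when a real visitor receives the cookie.
RewriteCond %{REQUEST_METHOD} =POST

# Limit the check to the login script (adjust the path if WordPress
# lives in a subdirectory).
RewriteCond %{REQUEST_URI} ^/wp-login\.php$

# Match the exact name=value pair anywhere in the Cookie header.
# The negation (!) makes the rule fire when the pair is absent or wrong.
RewriteCond %{HTTP_COOKIE} !(^|;\s*)COOKIE_NAME=COOKIE_VALUE(;|$)

# Refuse the request inside Apache, before PHP and WordPress are loaded.
RewriteRule ^ - [F]
</IfModule>
```

To confirm the rule is active, send a POST to the login script without the cookie and check that the rejection shows up in the Apache access log with no corresponding PHP execution.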
Can it protect against any DDoS attack?
This plugin protects against DDoS CAUSED by brute-force attacks ONLY. This is, though, the most common cause of an operational WordPress site going down. If your site is under attack for other reasons (for example, if you got a lot of traffic to one of your posts), this plugin will not help!
What are the system requirements?
This plugin only works on servers that support .htaccess files. Most Linux servers do.
- Can deny access to xmlrpc, RSS and certain countries now.
- Multisite compatibility implemented.
- Redirect POST-requests only for login page.
- Set validation cookie for all GET-requests.
- Use random cookie name for better security.
- Initial release.