Opis
A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.
Brute Force Login Protection is a lightweight plugin that protects your website against brute force login attacks using .htaccess.
After a specified limit of login attempts within a specified time, the IP address of the hacker will be blocked.
Features
- Limit the number of allowed login attempts using normal login form
- Limit the number of allowed login attempts using Auth Cookies
- Manually block/unblock IP addresses
- Manually whitelist trusted IP addresses
- Delay execution after a failed login attempt (to slow down brute force attack)
- Option to inform user about remaining attempts on login page
- Option to email administrator when an IP has been blocked
- Custom message to show to blocked users
Contribute
If you’d like to make a contribution to the Brute Force Login Protection plugin, you can submit a pull request to our GitHub Repository.
You can also create a thread in our Support Forum.
Your feedback is highly appreciated!
Donate
If you’d like to make a donation to the Brute Force Login Protection plugin, you can do so via PayPal by clicking here.
Zrzuty ekranów
Plugin settings page
Instalacja
- Install the plugin either via the WordPress.org plugin directory, or by uploading the files to your wp-content/plugin directory.
- Activate the plugin through the WordPress admin panel.
- Customize the settings on the settings page.
- Done!
FAQ
- Installation Instructions
-
- Install the plugin either via the WordPress.org plugin directory, or by uploading the files to your wp-content/plugin directory.
- Activate the plugin through the WordPress admin panel.
- Customize the settings on the settings page.
- Done!
- My own IP is blocked, what do I do?
-
If you have FTP access to your website edit the .htaccess file and remove the line: ‚deny from x.x.x.x’, where x.x.x.x is your own IP address.
If you don’t have FTP access, the only way to unblock your IP is to log in your WordPress admin panel from another IP address and unblock it via the plugin settings page. - I get an error: .htaccess file not readable/writeable
-
Brute Force Login Protection will only work if your .htaccess file is writeable by WordPress. If you get this error, make sure that your .htaccess file has read and write permissions.
Recenzje
Does not work on Apache 2.4
This plugin uses .htaccess syntax that will not work on the current Apache version (2.4). Using this will break your website!
Great!!!
We got rid of brute force attack because of the specially option in your plugin: Delay in seconds when a login attempt has failed
thank you so much…
Great plugin, but can be better
Great plugin, but can be better.
Please add handle for X-Forwarded-For header.
Cumpre o que promete
Atendeu muito bem minhas expectativas, muito bom.
Works great
No issues does what it’s supposed to do.
Great Plugin – works a charm
I have a WP site using a Divi theme with WP Fastest Cache premium and Cloudflare. After installing the plugin with no problems I received an email within 24 hours that it had stopped a brute force attack on my WP admin login.
Brute Force Login Protection has blocked IP 195.154.226.186 from access to ======= on 2016-04-10 07:54:40
Having had major security issues for a WP cart I programmed for a client I can’t stress enough the importance of security for WP sites. This plugin is a great add on and a must in my books – the cart I programmed was successfully accessed through 2 separate brute force attacks and anyone who doesn’t have brute force protection is compromising their site and those who use it. A must have !!!
Kontrybutorzy i deweloperzy
„Brute Force Login Protection” jest oprogramowaniem open source. Poniższe osoby miały wkład w rozwój wtyczki.
Kontrybutorzy
Wtyczka “Brute Force Login Protection” została przetłumaczona na 1 język. Thank you to the translators for their contributions.
Przetłumacz wtyczkę “Brute Force Login Protection” na swój język.
Interesuje cię rozwój wtyczki?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Log zmian
1.5.3
- Bugfix
1.5.2
- Bugfix
1.5.1
- Security fix
1.5
- Improved stability
1.4.1
- Option to email administrator when an IP has been blocked
- Button to whitelist your current IP
- Bugfixes and improvements
1.4
- Ability to whitelist trusted IPs
- Ability to create custom message to show to blocked users
- Delay execution after a failed login attempt (to slow down brute force attack)
- Performance improvements
1.3
- Protection against brute force attacks using Auth Cookies
1.2
- Option to inform user about remaining attempts on login page
- Ability to reset options
- Status panel on the settings page
1.1
- Added Dutch translation
1.0
- Initial version
