Brute force attacks
By now you seen all the stories of WordPress sites being vulnerable to brute force attacks. What does that mean? Simple put a hacker or generated computer program is targeting
wp-login.php pages and submitting the form hundreds if not thousands of times with the most generic username admin and random “popular” passwords. One step is to change your Admin username, but that still leaves your site to thousands or login attempts. You can use a login IP limiter, but a hacker can use many IP’s and most likely you host will crash before all IP’s are blocked (I know because this happened to me).
A simple solution
How about hiding the
wp-login.php! That is what this plugin is intended for. It gives you one solution with two options for unauthorized users.
- Redirect: If a user doesn’t have the correct “key” and “code”, send them somewhere.
- Kill: If a user doesn’t have the correct “key” and “code”, kill the page with a message.
How to use it
There is really on five option needed for this plugin, and three of those have default values.
- Redirect(On)/Kill the page(Off)
- Redirect URL (when Redirect is “On”)
- Question (the query variable)
- Answer (The query answer)
That’s it! Once setup your login page can only be accessed by visiting
youwebsite.com/wp-login.php?question=answer where question is the question you set as well as answer is the answer you set!
Current Version: 1.0.4 Last updated: 2013-12-03
Version 1.0.4 (12/3/13)
Update Extendd Settings to 1.0.19
Version 1.0.3 (11/25/13)
Updated static error for PHP 5.3+
Update TGM Plugin Updater.
Default message if you remove all responses.
Update incorrect call to static function.
Version 1.0.2 (4/24/13)
Allow logout page bypass action 'logout' but not 'loggedout=true'.
Version 1.0.1 (4/16/13)
Version 1.0.0 (4/10/13)
Your purchase is good for one year of auto updates with a valid license key (if provided) by this plugin. You may update your license key at any time by visiting the "My Account" page.