Protection from login, registration and reset-password brute-force attacks. No captcha.
Security-Protection blocks and stops brute-force attacks. Want to read more how Security-Protection plugin works?
- no captcha, because brute-force attacks is not users' problem
- no options, because it is great to forget about brute-force attacks completely
Plugin is easy to use: just install it and it just works.
Important: delete 'admin' username if you have it on your site. More than 90% of brute-force attacks try to crack the 'admin' username.
Few of the most commonly used and worst passwords. Do not use them or similar:
How does Security-Protection plugin work?
How does Security-Protection plugin work in details?
How does Security-Protection plugin stop brute-force attacks?
If Security-Protection check was not passed than it is brute-force request and the login attempt (or registration, or reset password) is blocked even if username and password are correct. Plugin sends fake WordPress login cookies to the brute-force bot and redirects it to the admin section to emulate that the password is cracked and many brute-forcers stop their attacks after this. It is really awesome 🙂
How to test what brute-force attacks are blocked?
You may enable sending info about blocked brute-force attacks to admin email. Edit security-protection.php file and find "$secprot_send_brute_force_log_to_admin" and make it "true".
How to stop brute-force attacks if plugins does not help?
If all plugins does not help you to stop brute-force attacks - you can simply rename wp-login.php file (for example 'wp-login-new.php') for now and maybe this can help you to reduce load on your site. And also create empty wp-login.php file for not raising WordPress 404 error because it will start whole WordPress site again during each wp-login.php access. While wp-login.php renamed - users cannot login, register and reset password. If you want to have ability to login while you renamed wp-login.php file you should replace all 'wp-login.php' strings inside of the wp-login.php file to your new filename (for example 'wp-login-new.php').
2.3 - 2016-03-22
- Minor updates
2.2 - 2015-06-01
- added compatibility for WooCommerce
- code cleanup
- added SECURITY_PROTECTION_VERSION constant
2.1 - 2014-08-29
- masking password in the email log for successful login
- cleanup code
- update FAQ
2.0 - 2014-04-05
- completely rewrote all the code and reorganize the logic of the plugin (now plugin adds two hidden fields - aka 'invisible js-captcha')
- added 'send_successful_login_log_to_admin' feature
1.1 - 2014-03-01
- added sending fake WordPress login cookies to fool the bot
1.0 - 2014-02-25
- initial release - Protect from login, register and reset-password brute-force attacks using cookie check
- install and activate the plugin on the Plugins page
- enjoy life without login, register and reset-password brute-force attacks