[WordPress] 外掛分享: Admin Safety Guard — Login Security & 2FA

WordPress 外掛 Admin Safety Guard — Login Security & 2FA 的封面圖片。

前言介紹

  • 這款 WordPress 外掛「Admin Safety Guard — Login Security & 2FA」是 2025-07-31 上架。
  • 目前有 10 個安裝啟用數。
  • 上一次更新是 2026-02-25,不久前才剛更新。
  • 外掛最低要求 WordPress 5.8 以上版本才可以安裝。
  • 外掛要求網站主機運作至少需要 PHP 版本 7.0 以上。
  • 有 4 人給過評分。
  • 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。

外掛協作開發者

habibnote | themepaste |

外掛標籤

2FA | recaptcha | login security | Admin Safety Guard | limit login attempts |

內容簡介

總結:Admin Safety Guard 是一個全面的解決方案,可在不牺牲易用性或性能的情況下加強 WordPress 管理區域的安全性。該強大的外掛具有流線型界面和強大的保護工具,管理員可以對常見威脅進行安全保護,同時以精確性和準確性自訂登錄體驗。

問題與答案:
1. Admin Safety Guard 主要適合哪些人使用?
- Freelance Developers & WordPress Professionals(獨立開發人員和 WordPress 專家)
- Agencies & Web Design Teams(機構和網頁設計團隊)
- Security-Conscious Site Owners(注重安全的網站擁有者)
- Plugin & Theme Creators(外掛和主題創作者)
- Online Businesses & eCommerce Stores(在線企業和電子商務商家)
- Educational Institutions & Bloggers(教育機構和部落客)

2. Admin Safety Guard 具備哪些免費功能?
- 隱藏管理欄(帶條件)
- 儀表板概述(進行中)
- 修改登錄 URL
- 登錄 / 登出後重新導向
- 限制登錄嘗試次數
- CAPTCHA 保護
- 登錄日誌和活動追踪
- IP 封鎖
- 雙因素驗證(2FA)
- 密碼保護
- 混淆作者別名
- 自定義管理員 CSS
- 電子郵件地址

原文外掛簡介

Admin Safety Guard is a complete WordPress security helper focused on securing the login flow and hardening the admin area — without sacrificing usability or performance. It ships with a clean UI, smart defaults, and guardrails against the most common attacks (brute force, credential stuffing, bot logins, and XML-RPC abuse). You also get granular control over the login experience (custom URL, redirects, branding, and more).

Whether you need to block suspicious IPs, enforce two-factor authentication, or ship a branded login for clients, Admin Safety Guard has you covered.
🌟 Admin Safety Guard Pro
Admin Safety Guard Pro takes your security and customization to the next level. It strengthens defenses against unauthorized access, brute-force attacks, and data risks while giving you deeper control over how users log in and interact with your admin area. The Pro version also adds flexible design tools and smart automations — a complete solution for both security and convenience.
👥 Who Should Use Admin Safety Guard?
Admin Safety Guard is perfect for users who need more control, security, and customization in their WordPress admin area:
👩‍💻 Freelancers & Developers: Add backend security and branding to client sites—no heavy coding.
🏢 Agencies & Teams: Secure multiple websites with a single workflow and consistent branding.
🔒 Site Owners: Protect dashboards from brute-force attacks and unauthorized logins.
🧩 Plugin/Theme Authors: Add layered protection in demo or test environments.
📈 Online Businesses: Secure customer data with 2FA, CAPTCHA, and password protection.
🎓 Educators & Bloggers: Maintain a professional look while increasing security.
✅ Free Features at a Glance

Hide Admin Bar (with conditions)
Dashboard Overview (in progress)
Change Login URL
Redirect After Login / Logout
Limit Login Attempts
CAPTCHA Protection
Login Logs & Activity Tracking
IP Blocking
Two-Factor Authentication (2FA)
Password Protection
Disable XML-RPC
Add Custom Logo on Login Form
Custom Logo & Branding

💎 Premium Feature List

Passwordless Login
2FA via Mobile App (TOTP)
CSRF Protection
Database Table Prefix Check
Whitelist IP Addresses
Hide Admin Bar
WP Directory File Permissions Check
Social Login (Google, Facebook, etc.)
Disallow Unauthorized REST Requests
Password Strength Tool
Provide Login Template (ready-made)
Customize Design Pro (advanced styling)
Email Notification

Free Feature Details
👤 Hide Admin Bar (With Conditions): Hide the admin bar selectively for specific users or roles.
📊 Dashboard Overview: Visualize user activity and security stats in one glance.
🔗 Change Login URL: Customize the default wp-login.php to block automated bots.
🔁 Redirect After Login/Logout: Redirect users to any page after login/logout.
📋 Limit Login Attempts: Block repeated failed logins to prevent brute-force attacks.
🤖 CAPTCHA Protection: Stop bots with reCAPTCHA or similar human verifications.
🕵️‍♂️ Login Logs & Activity Tracking: Track user login times and backend actions.
⛔ IP Blocking: Block access by IP address to prevent hostile logins.
🔐 Two-Factor Authentication (2FA): Add extra verification layers to secure logins.
🛂 Password Protection: Protect private pages or areas with a password.
⚙️ Disable XML-RPC: Disable vulnerable XML-RPC endpoints to stop exploits.
🖼️ Custom Logo on Login Form: Replace WordPress logo with your brand.
🏷️ Custom Branding: Apply your own design across login and admin pages.
🔐 Pro Feature Details
🔑 Passwordless Login: Secure email-based login with one-time magic links—no password required.
📱 2FA via Mobile App: Add app-based Two-Factor Authentication (Google Authenticator / Authy).
🧩 CSRF Protection: Prevent Cross-Site Request Forgery attacks with token verification.
🗃️ Database Table Prefix Check: Detects and helps change the insecure wp_ prefix.
🌐 Whitelist IP Addresses: Restrict admin access to trusted IPs only.
🧑‍💻 Hide Admin Bar (Conditional): Show or hide admin bar for specific roles or users.
🗂️ WP Directory File Permissions Check: Scans and verifies file and directory permissions.
🌍 Social Login: Allow users to log in with Google, Facebook, or Twitter accounts.
🚫 Disallow Unauthorized REST Requests: Restrict REST API access conditionally.
💪 Password Strength Tool: Enforce strong password rules for better protection.
🎨 Provide Login Template: Instantly apply stylish, ready-to-use login templates.
🧰 Customize Design Pro: Fully customize admin and login design with a simple UI.
📧 Email Notification: Receive and customize security alerts directly to your inbox.

Explore Pro Features: Admin Safety Guard Pro

Support
For any issues, questions, or feature requests, please reach out via Support.
External Services
This plugin uses the following third-party and external services:
1) Google reCAPTCHA (Google LLC)
Purpose:
Used to protect forms from spam and automated abuse.
When it is used:
– When reCAPTCHA is enabled in plugin settings
– On login forms and support forms protected by reCAPTCHA
What data is sent:
– User IP address
– reCAPTCHA response token generated by Google
– Browser information as required by Google reCAPTCHA
Service provider:
Google LLC
Terms of Service:
https://policies.google.com/terms
Privacy Policy:
https://policies.google.com/privacy
2) ThemePaste API (Plugin Author Service)
Purpose:
Used for:
– Collecting optional admin email addresses for plugin updates and notifications
– Sending support requests from the plugin support form
– Collecting optional feedback when a user attempts to deactivate the plugin
– Managing plugin-related notifications (only if the user provides contact details)
When it is used:
– When a user submits the built-in support form
– When a user opts to send diagnostic information
– Submitting the optional deactivation feedback form
What data is sent:
– Name
– Email address
– Phone number (if provided)
– Message content
– Site URL
– Plugin name
– Feedback text (if provided)
– Support message content
– Deactivation reason (if provided)
No data is sent without user action.
Service provider:
ThemePaste.com
Terms of Service:

Terms & Condition


Privacy Policy:

Privacy Policy


Development / Source Code
This plugin includes compiled JavaScript bundles in:
– assets/admin/build/*.bundle.js
The original (human-readable) source files are included in this plugin under:
– spa/admin/
Build Tools
– Node.js (LTS recommended)
– npm
– Webpack + Babel
Source Entry Points
The admin SPA bundles are built from the following entry points:

spa/admin/login-template/Main.jsx -> assets/admin/build/loginTemplate.bundle.js
spa/admin/login-logs-activity/Main.jsx -> assets/admin/build/loginLogActivity.bundle.js
spa/admin/analytics/Main.jsx -> assets/admin/build/analytics.bundle.js
spa/admin/security-core/Main.jsx -> assets/admin/build/securityCore.bundle.js
spa/admin/firewall-malware/Main.jsx -> assets/admin/build/firewallMalware.bundle.js
spa/admin/privacy-hardening/Main.jsx -> assets/admin/build/privacyHardening.bundle.js
spa/admin/monitoring-analytics/Main.jsx -> assets/admin/build/monitoringAnalytics.bundle.js

Install Dependencies
From the plugin root directory (or the directory where package.json exists):
1) Install dependencies:
npm install
Build (Production)
To generate the production bundles:
npm run build
Output Location
Webpack outputs the compiled bundles to:

assets/admin/build/[name].bundle.js

Important Notes
– Do not edit files in assets/admin/build/ directly. They are generated files.
– Edit the source files under spa/admin/ and re-run the build command.
– For WordPress.org distribution, production builds should be used (mode=production).
Links
Website
Documentation
Pro Version
Facebook
Pinterest
LinkedIn
Instagram

各版本下載點

  • 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
  • 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Admin Safety Guard — Login Security & 2FA」來進行安裝。

(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。

1.0.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.0.9 | 1.1.0 | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.4 | 1.1.5 | 1.1.6 | 1.1.7 | 1.1.8 | 1.1.9 | 1.2.0 | 1.2.1 | 1.2.2 | 1.2.3 | 1.2.4 | trunk |

延伸相關外掛(你可能也想知道)

  • Titan Anti-spam & Security 》ime for new hacking patterns and malicious IP addresses, to block attacks., [PRO] We provide 24/7 technical support., [PRO] Protect your website fr...。
  • Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms 》Limit Attempts 插件是 WordPress 的安全解決方案,可保護您的網站免受垃圾郵件和暴力攻擊。根據您的設置,限制每個使用者失敗的登錄嘗試次數並封鎖使用者 IP...。
  • Limit Login Attempts 》ck IP addresses and user agents that are linked to suspicious activity or attacks on your website., DOS Protection – Protect your website from a De...。
  • Melapress Login Security 》提高 WordPress 登入安全性,實現自定義安全 WordPress 登入策略, 透過將自己置於驅動器座位的策略,實現更好的 WordPress 登入安全性。這些登入安全策略具有...。
  • WordPress Security – Firewall, Malware Scanner, Secure Login and Backup 》WORDPRESS 最受歡迎的防火牆和安全掃描器, Wp security pro 包含專門為 WordPress 創建的恶意軟件掃描器和終端防火牆。為了保障您的網站安全,我們的威脅防禦...。
  • Limit Login Attempts Plus – WordPress Limit Login Attempts By Felix 》這個外掛可以限制在正常登錄和使用授權 Cookie 登錄時的登錄次數。, WordPress 默認允許無限次數的登錄嘗試,可以通過登錄頁面或發送特殊的 cookies 進行。這...。
  • Jeba Limit Login Attempts 》這是 Jeba Limit Login Attempts WordPress 外掛的描述。它是為了讓 WordPress 登入更安全,以及解決當駭客使用腳本去猜測用戶名稱/密碼造成的問題而開發的。...。
  • GhostGate 》總結:GhostGate 是一款輕巧卻功能強大的 WordPress 安全外掛程式,它透過動態登入網址和多層次存取驗證來消除登入頁面作為攻擊表面的問題,並提供多種安全功...。
  • Senpai Software – Two-factor authentication (2FA) with a key file 》- 此外掛讓你可以將你電腦上的任何檔案轉換成一個唯一的 Key,以便進入管理區。- 檔案不會被下載或實際存儲在網站上。- 不會產生額外的安全風險。- 不會產生...。
  • Secure Admin Access 》如果您在運行 WordPress 網站,絕對應該使用「Secure-Admin-Access」來保護它免受黑客攻擊。, Secure Admin Access 解決了 WordPress 社區中一個明顯的安全漏...。
  • Orbisius Limit Logins 》這個外掛記錄並阻擋使用已知不良用户名(如admin、adm等)嘗試登錄的用戶的IP地址。, 該插件有意在非常早的時候(plugins_loaded)掛鉤,以判斷用戶是否應該...。
  • Logy – The New Era Of Login / Registration With Social Login & Limit Login Attempts & Captcha 》Logy 是一款安全且先進的登錄/註冊/重設密碼系統,具有優雅的響應式設計和許多強大功能,如社交登錄、限制登錄嘗試、驗證碼等等…非常可定制,由 KaineLabs 提...。
  • CubeMage Login Guard 》總結:Login Guard by CubeMage提供了一個安全解決方案,用於保護你的WordPress登錄、註冊和評論表單免受垃圾郵件和暴力攻擊的影響。這款外掛能夠整合Cloudfl...。
  • Simple Login Guard – Monitor & Block Attempts 》總結:Simple Login Guard是一個輕量級的登入安全外掛,旨在保護您的 WordPress 網站免受暴力攻擊。它監控每次登入嘗試,記錄失敗和成功的登入,追蹤可疑行為...。
  • QS Core Modules 》<h3>外掛總結:</h3>, <p>這是一款完全免費的外掛,幾乎可以處理我們在每次安裝時需要添加的大部分功能。該外掛專為速度和功能性而建,每...。

文章
Filter
Mastodon