[WordPress] 外掛分享: Authica

WordPress 外掛 Authica 的封面圖片。

前言介紹

  • 這款 WordPress 外掛「Authica」是 2025-09-20 上架。
  • 目前尚無安裝啟用數,是個很新的外掛。如有要安裝使用,建議多測試確保功能沒問題!
  • 上一次更新是 2026-02-25,不久前才剛更新。
  • 外掛最低要求 WordPress 6.0 以上版本才可以安裝。
  • 外掛要求網站主機運作至少需要 PHP 版本 7.4 以上。
  • 有 1 人給過評分。
  • 論壇上目前有 1 個提問,問題解答率 100% ,不低,算是個很有心解決問題的開發者團隊了!

外掛協作開發者

emilsim | freemius |

外掛標籤

2FA | security | turnstile | branded login | brute force protection |

內容簡介

總結:Authica™將您的預設WordPress登錄界面轉變為完全品牌化、安全和用戶友好的體驗,適合機構、開發人員和企業,想要時尚和安全兼具。

1. Authica™提供了哪些亮點?
- 可自定義的登錄設計,包括添加標誌、背景、覆蓋效果和Google字體。
- 雙因素認證(TOTP)(即將推出)——通過基於應用的2FA來確保您的帳戶安全。
- 保護機器人——支持Cloudflare Turnstile和Google reCAPTCHA v2/v3。
- 暴力保護(即將推出)——自動封鎖可疑的登錄嘗試。
- 登錄和登出重定向(即將推出)——在登錄/登出後將用戶發送到您想要的位置。
- 隱藏/重命名wp-login.php(即將推出)——阻止針對默認登錄URL的機器人。
- 安全日誌和警報(即將推出)——追踪登錄嘗試和可疑活動。

2. Authica的免費版本包括哪些功能?
- 完整的品牌選項、Google字體、還原和備份。

3. 如何升級到Authica Pro版本?
- 拓展和高級功能。

4. 這個插件可以整合哪項外部服務?
- Cloudflare Turnstile(人類驗證)可保護登錄、註冊和重置密碼表單免受自動濫用。

5. 什麼是Turnstile用於?
- Turnstile提供人類驗證小工具,以減少機器人註冊和憑證填充嘗試。

6. 何時會發送哪些數據?
- 缺省隱略。

原文外掛簡介

Authica™ upgrades the default WordPress login into a polished, on-brand experience with practical, layered security. It is built for agencies, developers, and site owners who want professional design control without sacrificing protection.
Creator Program: We invite WordPress creators to publish an honest Authica walkthrough on YouTube (no positive review required).
Find out more: authica.net/creator-program
Highlights:

Customizer Login Design
Brand every key element: logo, background, overlays, layout, and typography (including Google Fonts).

Email Verification
Require users to confirm their email address before they can sign in.

Bot Protection
Supports privacy-focused Cloudflare Turnstile.

Hide / Rename wp-login.php
Reduce automated attacks by moving the login URL away from the default target.

Login & Logout Redirects
Send users to the right page after login/logout (dashboard, custom URL, or role-based flows).

IP Restriction
Allow/deny access to the login screen using IP rules.

Brute Force Protection
Automatically rate-limit and block repeated failed login attempts.

Two-Factor Authentication (TOTP)
Add app-based 2FA for stronger account security.

Security Logs & Alerts
Monitor login activity and suspicious events from a single place.

Social Login
Coming soon.

Authica Free includes full visual branding tools plus core security features. Upgrade to Authica Pro for advanced controls and premium protections.
Learn more: https://authica.net
Contributors
emilsim (Emil Simunovic)
Privacy
This plugin uses an optional opt-in to collect non-sensitive diagnostic data and plugin usage information to help improve the product. The opt-in is presented on first use and can be changed at any time under Authica → Account.
Collected data may include: WordPress/site version, language, plugin/theme list and versions, admin email (for license/updates), and anonymized site URL. No personal content or passwords are collected.
Data is processed by our licensing/telemetry provider and by us for support and update delivery.
• Provider’s Privacy & Terms: https://freemius.com/privacy/ , https://freemius.com/terms/
If you choose not to opt in, only the information required to deliver updates to your site is stored (license/installation ID, if you activate a license).
Current Features
Branding & Design
– Upload your own logo
– Customize colors, backgrounds, and overlays
– Google Fonts
– Live preview via WordPress Customizer
Security & Protection
– Cloudflare Turnstile CAPTCHA integration
– Email verification (Pro)
– Hide/Rename wp-login.php (Pro)
– Redirect Rules
User Experience
– Custom welcome/error messages
– Login & logout redirects
– AJAX-powered login form
– Mobile-first responsive design
External services
Cloudflare Turnstile (human verification)
This plugin can integrate with Cloudflare Turnstile to protect login, registration, and password-reset forms from automated abuse.
• What is it used for?
Turnstile provides a human verification widget to reduce bot signups and credential-stuffing attempts.
• What data is sent and when?
– On pages where the widget is shown, the Turnstile JavaScript file is loaded from
https://challenges.cloudflare.com/turnstile/v0/api.js. When loaded, Cloudflare
may receive standard browser/connection data (e.g., IP address, user agent, referrer)
and evaluate device/browser signals to determine risk, per Cloudflare’s documentation.
– When a verification token is produced by the widget, your WordPress site makes a
server-to-server request to:
https://challenges.cloudflare.com/turnstile/v0/siteverify
The server-to-server verification includes the user’s response token and your secret key.
When a valid client IP is available, the optional remoteip value may also be sent to Cloudflare to improve verification accuracy.
• Where can I learn more?
– Cloudflare Turnstile: https://www.cloudflare.com/products/turnstile/
– Turnstile docs: https://developers.cloudflare.com/turnstile/
– Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
– Cloudflare Terms of Service: https://www.cloudflare.com/terms/
• How do I disable it?
Turnstile integrations can be disabled at Authica → Bot Protection, which stops the
widget from loading and the verification endpoint from being called.
jsDelivr (Chart.js fallback, admin-only)
For the admin “Captcha Statistics” chart, this plugin prefers a local copy of Chart.js
(bundled in assets/vendor/chart.js/). If the local file is not present, it falls back to
loading Chart.js from:
https://cdn.jsdelivr.net/npm/[email protected]/dist/chart.umd.min.js
• What data is sent?
Only the administrator’s browser requests the static script file from the CDN.
No user content or personal data is transmitted by this plugin as part of that request.
• How do I avoid the CDN?
Keep the local file at assets/vendor/chart.js/chart.umd.min.js so the fallback is not used.
Email delivery
This plugin uses WordPress wp_mail() to send email verification messages. Mail delivery
is handled by your hosting provider or any SMTP/email plugin you configure. If you connect
a third-party email service (e.g., via an SMTP plugin), that service’s privacy terms apply.
This plugin does not send verification data to any email vendor on its own.
Trademark
Authica™ is a trademark claimed by Emil Simunovic. Registration pending.
WordPress is a registered trademark of the WordPress Foundation, used under license.

各版本下載點

  • 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
  • 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Authica」來進行安裝。

(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。

1.4.1 | 1.5.0 | 2.0.1 | 2.1.0 | 2.1.1 | 2.2.0 | 2.2.1 | 2.2.2 | 2.3.0 | 2.3.1 | trunk |

延伸相關外掛(你可能也想知道)

  • Wordfence Security – Firewall, Malware Scan, and Login Security 》fective way to manage multiple WordPress sites with Wordfence installed from a single location., Monitor security status across all your sites from...。
  • Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 》le Plugins include Complianz GDPR, Disable Updates Manager, and Really Simple CAPTCHA., , Really Simple SSL是一個外掛,自動配置你的網站最大程度上使...。
  • Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall 》Limit Login Attempts Reloaded 是一款WordPress外掛,可阻止暴力破解攻擊並透過限制常規登錄、XMLRPC、Woocommerce和自訂登錄頁面的登錄嘗試次數來優化您的...。
  • Two Factor 》在「使用者」→「您的個人檔案」下的「雙因素認證選項」部分,啟用和設定一個或多個雙因素認證提供者:, , 電子郵件代碼, 時間同步一次性密碼(TOTP), FIDO通...。
  • WP 2FA – Two-factor authentication for WordPress 》這是一款免費且易於使用的 WordPress 二階段驗證外掛。, 在 WordPress 網站登錄頁面和使用者上加入額外的安全層。啟用兩階段驗證(2FA),它是保護使用者免於...。
  • Wordfence Login Security 》WORDFENCE 登入安全性, Wordfence 登入安全性包含在完整的 Wordfence 插件中發現的功能子集:雙因素驗證、XML-RPC 保護和登入頁 CAPTCHA。, 你正在尋找全面的...。
  • WP Hide & Security Enhancer 》WP-Hide 推出了最簡單的方法,完全隱藏 WordPress 核心文件、登錄頁面、佈景主題和外掛程式的路徑,使其不會顯示在前端,這是 Site Security 的一個巨大改進...。
  • Shield: Blocks Bots, Protects Users, and Prevents Security Breaches 》你一定會喜歡的功能, , 獨家AntiBot Detection Engine - 強大的替代 Google reCAPTCHA 和 CloudFlare Turnstile。, 自動防止機器人和 IP - 基於評分的安全智...。
  • Two Factor Authentication 》>WordPress 二次驗證, 此外掛使用雙重認證(TFA / 2FA)來增強 WordPress 的登入安全性。啟用此功能的使用者需輸入一次性密碼才能登入。本掛件由UpdraftPlus ...。
  • Login With Ajax – Fast Logins, 2FA, Redirects 》Login With Ajax 是針對需要用戶登錄或註冊的網站,希望避免使用常規的WordPress登錄頁面或在常規登錄頁面添加 AJAX 特效的外掛。此外掛能夠在側邊欄上添加帶...。
  • Two Factor (2FA) Authentication via Email 》WordPress是全球最受歡迎的內容管理系統(CMS),超過40%的網站正在運行它。因此,WordPress已成為黑客利用漏洞入侵網站的目標。增強WordPress網站安全性的...。
  • miniOrange 2-factor Authentication (2FA with SMS, Email, Google Authenticator) 》Google Authenticator – 雙重因素(2FA / OTP) –, 使用 TOTP 登入 2FA 方式,如 Duo/Microsoft/Google Authenticator,來保護您的 WordPress 網站登入頁面。, ...。
  • WP 2-step verification 》WordPress 2步驟驗證(Wp2sv)為您的 WordPress 帳戶增加了額外的安全層。, 除了您的用戶名和密碼,當您登入時,您還需要輸入由 Android/iPhone/Blackberry ...。
  • OTP Login & Register Woocommerce 》現場示範, 允許使用者通過在您的行動裝置上收到的一次性密碼(OTP)登錄/註冊。, 特色與選項:, , 向註冊表單添加電話號碼欄位, 無需記住電子郵件/密碼,使用 OT...。
  • WebAuthn Provider for Two Factor 》此外掛為 Two Factor 外掛新增 WebAuthn 支援。, 由於 U2F API 已被停用並將在 2022 年 2 月被移除,此外掛可使之前註冊的 U2F 安全金鑰仍能自動支援,使用者...。

文章
Filter
Apply Filters
Close
Mastodon