內容簡介
Authica™ 將 WordPress 的登入介面升級為專業且符合品牌形象的設計,並提供多層次的安全性。此外掛適合代理商、開發者及網站擁有者,讓他們在不妥協安全性的情況下,掌控專業設計。
【主要功能】
• 自訂登入設計:品牌化每個關鍵元素,包括標誌、背景等
• 電子郵件驗證:要求用戶確認電子郵件地址
• 機器人保護:支援隱私導向的 Cloudflare Turnstile
• 隱藏/重新命名 wp-login.php:減少自動攻擊
• 登入與登出重定向:導向正確頁面
• IP 限制:根據 IP 規則控制登入權限
外掛標籤
開發者團隊
📦 歷史版本下載
原文外掛簡介
Authica™ is a WordPress login security and login customization plugin built for site owners, agencies, and developers who want a safer, more professional login experience.
Use Authica to customize the WordPress login page, protect login forms with Cloudflare Turnstile, add two-factor authentication, reduce brute force attacks, hide or rename wp-login.php, manage login redirects, restrict login access by IP, and monitor login activity with security logs and reports.
Instead of using separate plugins for login branding, CAPTCHA, 2FA, brute force protection, login redirects, hide login, and activity logs, Authica brings these features together in one polished WordPress admin experience.
Highlights:
WordPress Login Customization
Customize the default WordPress login page with your own logo, background, colors, overlays, typography, Google Fonts, welcome messages, error messages, and responsive layout controls.
Cloudflare Turnstile Bot Protection
Protect WordPress login, registration, and password reset forms with privacy-focused Cloudflare Turnstile verification.
Two-Factor Authentication for WordPress
Add app-based TOTP two-factor authentication to improve account security for administrators, users, and client sites.
Hide or Rename wp-login.php
Move the default WordPress login URL away from automated bot targets and reduce noise from common brute force attempts.
Brute Force Protection
Limit repeated failed login attempts and help protect accounts from password guessing and credential stuffing attacks.
Web Application Firewall
Inspect incoming requests for suspicious patterns such as SQL injection, cross-site scripting, path traversal, remote code execution, sensitive file probes, scanner traffic, and known malicious user-agents.
IP Restriction
Create allow, deny, and stealth access rules for login protection based on IP addresses or IP ranges.
Login Activity Logs and Security Reports
Monitor login attempts, blocked events, user activity, countries, IP addresses, and suspicious login behavior from the Authica dashboard.
Login and Logout Redirect Rules
Send users to the correct page after login or logout with simple redirect controls and role-based flows.
Email Verification
Require users to confirm their email address before signing in, helping reduce fake accounts, spam registrations, and bot-created users.
Modern Authica Admin UI
Manage login security and login branding from a polished, consistent WordPress admin interface built for agencies and serious site owners.
Authica Free includes full visual branding tools plus core security features. Upgrade to Authica Pro for advanced controls and premium protections.
Learn more: https://authica.net
Contributors
emilsim (Emil Simunovic)
Features
Login Branding and Design
Custom logo
Background image and color controls
Overlay controls
Form styling
Button styling
Input styling
Google Fonts
Custom welcome and error messages
Mobile-friendly login layout
Live preview through the WordPress Customizer
Login Security
Cloudflare Turnstile bot protection
Brute force protection
Web Application Firewall
Two-factor authentication / TOTP
Hide or rename wp-login.php
IP restriction rules
Email verification
Login activity logs
Security reports and alerts
Login Flow Controls
Login redirects
Logout redirects
Role-based redirect support
Magic link controls
Passkey
Social Login
AJAX-powered login form
Agency and Professional Features
Polished Authica admin interface
Client-friendly login branding
Security reporting
White-label mode in Pro
Premium support in Pro
Privacy
This plugin uses an optional opt-in to collect non-sensitive diagnostic data and plugin usage information to help improve the product. The opt-in is presented on first use and can be changed at any time under Authica → Account.
Collected data may include: WordPress/site version, language, plugin/theme list and versions, admin email (for license/updates), and anonymized site URL. No personal content or passwords are collected.
Data is processed by our licensing/telemetry provider and by us for support and update delivery.
• Provider’s Privacy & Terms: https://freemius.com/privacy/ , https://freemius.com/terms/
If you choose not to opt in, only the information required to deliver updates to your site is stored (license/installation ID, if you activate a license).
External services
Cloudflare Turnstile (human verification)
This plugin can integrate with Cloudflare Turnstile to protect login, registration, and password-reset forms from automated abuse.
• What is it used for?
Turnstile provides a human verification widget to reduce bot signups and credential-stuffing attempts.
• What data is sent and when?
– On pages where the widget is shown, the Turnstile JavaScript file is loaded from
https://challenges.cloudflare.com/turnstile/v0/api.js. When loaded, Cloudflare
may receive standard browser/connection data (e.g., IP address, user agent, referrer)
and evaluate device/browser signals to determine risk, per Cloudflare’s documentation.
– When a verification token is produced by the widget, your WordPress site makes a
server-to-server request to:
https://challenges.cloudflare.com/turnstile/v0/siteverify
The server-to-server verification includes the user’s response token and your secret key.
When a valid client IP is available, the optional remoteip value may also be sent to Cloudflare to improve verification accuracy.
• Where can I learn more?
– Cloudflare Turnstile: https://www.cloudflare.com/products/turnstile/
– Turnstile docs: https://developers.cloudflare.com/turnstile/
– Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
– Cloudflare Terms of Service: https://www.cloudflare.com/terms/
• How do I disable it?
Turnstile integrations can be disabled at Authica → Turnstile & Edge Security, which stops the
widget from loading and the verification endpoint from being called.
jsDelivr (Chart.js fallback, admin-only)
For the admin “Captcha Statistics” chart, this plugin prefers a local copy of Chart.js
(bundled in assets/vendor/chart.js/). If the local file is not present, it falls back to
loading Chart.js from:
https://cdn.jsdelivr.net/npm/[email protected]/dist/chart.umd.min.js
• What data is sent?
Only the administrator’s browser requests the static script file from the CDN.
No user content or personal data is transmitted by this plugin as part of that request.
• How do I avoid the CDN?
Keep the local file at assets/vendor/chart.js/chart.umd.min.js so the fallback is not used.
Email delivery
This plugin uses WordPress wp_mail() to send email verification messages. Mail delivery
is handled by your hosting provider or any SMTP/email plugin you configure. If you connect
a third-party email service (e.g., via an SMTP plugin), that service’s privacy terms apply.
This plugin does not send verification data to any email vendor on its own.
Creator Program
We invite WordPress creators to publish an honest Authica walkthrough on YouTube (no positive review required).
Find out more: authica.net/creator-program
Trademark
Authica™ is a trademark claimed by Emil Simunovic. Registration pending.
WordPress is a registered trademark of the WordPress Foundation, used under license.
