[WordPress] 外掛分享： Dotsquares Custom Login URL & Security Suite

內容簡介

Dotsquares Custom Login URL & Security Suite 是一款強化 WordPress 網站安全的外掛，讓使用者能夠變更預設登入 URL，並在一個精美的控制台中應用額外的安全層級，保護網站免受攻擊。

【主要功能】
• 自訂登入 URL，隱藏 wp-login.php
• 防止暴力破解攻擊，設置鎖定閾值
• 深度掃描 WordPress 核心、外掛與佈景主題
• 兩步驟驗證，支援 Google Authenticator
• 使用者會話管理，查看並終止活躍會話
• 實時安全評分，提供安全事件日誌

外掛標籤

開發者團隊

原文外掛簡介

Dotsquares Custom Login URL & Security Suite helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers — all from one beautifully designed dashboard.
🔑 Login Security

Custom login slug — redirect wp-login.php to your own secret URL
Optionally hide wp-login.php (returns 404 for guests)
Optionally block wp-admin for non-logged-in users
Brute force protection with configurable lockout thresholds
Login honeypot trap (hidden field that catches bots)
Two-Factor Authentication (TOTP — works with Google Authenticator, Authy, etc.)
Weak username detection (blocks “admin”, “root”, “test”, etc.)
Force logout after inactivity (configurable timeout)
Manual approval for new user registrations
Prevent display name from matching username

🛡️ Firewall

Disable XML-RPC (common attack vector)
Block bad bots and fake user agents (40+ known bots)
Block POST requests with empty User-Agent headers
Rate limiting per IP address
IP blacklist and whitelist (supports CIDR ranges)
Geo-blocking by country code
Restrict REST API for non-logged-in users
Prevent user enumeration via ?author= scans

🔍 Malware & File Scanner

Deep scan of WordPress core, plugins, themes and uploads
40+ malware signature patterns (PHP shells, backdoors, crypto miners, pharma hacks, SEO spam injections)
Detects known web shells by filename (c99, r57, WSO, b374k, adminer, etc.)
WordPress core file integrity check (compares against official api.wordpress.org checksums)
Detects PHP files hidden inside the uploads folder
Suspicious code pattern detection (eval, exec, base64_decode combos, etc.)
File change detection using MD5 hash baseline
File permission scanner (755/644 standards)
.htaccess security rules generator

👥 User & Session Management

View and kill active user sessions
Session tracking with IP and user-agent logging
Manual user approval workflow

📊 Monitoring & Logs

Security event log (login, logout, failed attempts, plugin/theme changes)
IP blocking log with unblock controls
Real-time security score (A–F grade with per-check breakdown)

⚙️ Other Features

Maintenance mode with custom message
Database backup download
Email alerts for security events
Beautiful admin dashboard with quick-toggle switches

Important
Hardening actions such as DB prefix change and wp-content rename are advanced operations.
Always run these features on a staging environment and ensure you have a full backup before applying them on production.

延伸相關外掛

Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force PreventionLimit Login Attempts Reloaded 是一款強大的安全外掛，旨在...CloudSecure WP Security管理画面とログインURLをサイバー攻撃から守る、安心の国産・...WP Ghost (Hide My WP Ghost) – Security & FirewallWP Ghost 是一款專業級的 WordPress 安全解決方案，專注於防...Anti-Malware Security and Brute-Force FirewallAnti-Malware Security and Brute-Force Firewall 外掛旨在保...WP fail2ban – Advanced SecurityFail2ban是您可以實施來保護 WordPress 網站的最簡單和最有效...XO SecurityXO Security 是一個可增強登入相關安全性的外掛程式。 此外掛...User Login HistoryUser Login History 是一款使用者登入記錄追蹤外掛，可詳細記...IP Geo Block安裝越多主題和外掛，你的網站越容易受到攻擊，即使你對其進...Stop XML-RPC Attacks透過刪除某些方法，而非完全停用 XML-RPC，來保護您的網站的 ...HTTP Auth啟用此外掛可在您的網站上設置 HTTP 認證。您可以輕鬆地為 HT...BotBlocker Security – Firewall & Bot ProtectionBotBlocker Security 是一款專為 WordPress 設計的安全外掛，...Protection Against DDoS這個外掛能夠解決由 WordPress Codex 中描述的暴力破解攻擊引...Melapress Login Security提高 WordPress 登入安全性，實現自定義安全 WordPress 登入...WordPress Brute Force Protection – Stop Brute Force AttacksGuardGiant 是一款暴力破解防護外掛，透過信任裝置機制區分真...WebDefender Security – Protection & AntiSpam一款專業的 WP 安全保護外掛 WebDefender 是由安全專家團隊...