[WordPress] 外掛分享: Defyn Security Manager – Hide Login, 2FA & Brute-Force Protection

首頁外掛目錄 › Defyn Security Manager – Hide Login, 2FA & Brute-Force Protection
WordPress 外掛 Defyn Security Manager – Hide Login, 2FA & Brute-Force Protection 的封面圖片
20+
安裝啟用
尚無評分
剛更新
最後更新
問題解決
WordPress 5.8+ PHP 7.4+ v1.2.1 上架:2026-06-23

內容簡介

Defyn Security Manager 是一款輕量級的 WordPress 安全外掛,專注於隱藏登入頁面、提供雙重身份驗證及防止暴力破解攻擊,確保網站後端安全。透過簡單的設定,使用者可以有效降低攻擊風險並監控登入活動。

【主要功能】
• 隱藏 WordPress 登入網址,防止自動化攻擊
• 提供暴力破解保護,自動鎖定失敗的 IP 地址
• 支援雙重身份驗證(2FA),增強登入安全性
• 活動日誌與審計追蹤,隨時查看登入嘗試
• 時間窗口存取控制,限制登入時間
• IP 白名單,僅允許信任的 IP 存取後端

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.2.1) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Defyn Security Manager – Hide Login, 2FA & Brute-Force Protection」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Defyn Security Manager is a lightweight WordPress security plugin that hides your login page and locks down the back end. Most attacks on WordPress start at one predictable place: /wp-admin and /wp-login.php. Defyn Security Manager moves that door, throttles attackers, adds two-factor authentication, and records every attempt so you always know who is knocking.
No bloat, no upsell walls, and no account required. Install it, choose a secret login slug, and your login page disappears from bots and scanners.
What it does

Hide the WordPress login URL. Replace /wp-admin and /wp-login.php with any custom login URL you choose, so automated bots and brute-force scripts hit a dead end.
Decoy or 404 the old URLs. Decide what attackers see at the original login addresses: a 404, a redirect, or a decoy login screen.
Brute-force protection. Limit login attempts and automatically lock out IP addresses after repeated failures, with a one-click control to clear active lockouts.
Two-factor authentication (2FA). Add TOTP-based two-factor authentication using Google Authenticator, Authy, 1Password, Microsoft Authenticator or Bitwarden, complete with backup codes and per-role enforcement.
REST API and XML-RPC protection. Extend two-factor enforcement to the REST API and XML-RPC, with optional API hiding to shrink your attack surface.
Time-window access control. Only allow logins during the hours and days you actually work, and block everything else.
IP allowlisting. Optionally restrict back-end access to trusted IP addresses or CIDR ranges.
Activity log and audit trail. See login attempts, lockouts, scans of your old login URLs, and settings changes in one searchable log.
Email alerts. Get notified about lockouts, scans, and logins from new IP addresses.

Why choose Defyn Security Manager

Fast and focused. A purpose-built login-security and login-hardening plugin, not a heavyweight suite that slows your site down.
Recovery built in. A documented emergency kill switch means you can never permanently lock yourself out.
Privacy friendly. Your data stays on your site. Nothing is sent to a third-party service.
Built by an agency. Maintained by Defyn, an Australian web design and development studio that runs this plugin on client sites every day.

Defyn Security Manager is ideal for anyone who wants to hide wp-admin, stop brute-force login attempts, limit login attempts, add 2FA to WordPress, and keep a clear security audit trail.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon