內容簡介
eSherpa Login Guard 是一款瑞士開發的 WordPress 登入防護外掛,透過蜜罐機制、漸進式鎖定與多層偵測策略,有效阻擋暴力破解攻擊,完全不依賴外部服務,兼顧安全性與隱私合規。
【主要功能】
• JavaScript 蜜罐自動偵測機器人並立即鎖定
• 受保護帳號陷阱,封鎖常見試探用戶名
• 主動封鎖已知惡意 User-Agent 特徵
• WordPress 強化:停用 XML-RPC、隱藏 REST 使用者端點
• 漸進式鎖定時間,累犯自動延長封鎖
• 即時安全警示與詳細失敗登入記錄面板
• IP 僅以匿名雜湊方式儲存,符合隱私規範
外掛標籤
開發者團隊
原文外掛簡介
eSherpa Login Guard effectively and intelligently protects your WordPress site from brute-force attacks – Swiss precision, completely without external dependencies.
Key Features:
Honeypot-first bot defense: JavaScript Honeypot detects non-browser bots and triggers immediate lockout logic.
Protected username trap: Immediate lockout for defined usernames (e.g., “admin”, “test”), independent of the regular counter.
Proactive User-Agent blocking: Block known bot signatures before login processing (exact match or substring mode).
Blocked User-Agent attempt log: Separate log table for blocked User-Agent requests including matching pattern.
WordPress hardening options: Disable XML-RPC (with fake-user honeypot response), hide REST user endpoint, and block author archive enumeration.
Optional bot password capture: Store attempted passwords from detected JS-honeypot bots for incident analysis.
Neutral login error option: Hide username enumeration by using neutral WordPress login error responses.
Live security visibility: Live alarm in admin, lockout badge in menu, and detailed failed-attempt logs with IP/User-Agent filters.
Progressive lockout durations: Lockout time increases on repeat offenses (e.g., 15 → 30 → 60 → 120 minutes).
Login page guidance: Clear countdown and “X attempts remaining” notice for transparent lock state.
Privacy-compliant: IPs stored only as anonymized hashes.
Automatic cleanup of old failed attempts (configurable).
Mobile-friendly admin tables: Horizontal scrolling for wide security tables on small screens, including swipe hint.
Email notification to admin on attacks against existing users.
Developed in Switzerland – fast, clean, performant, and multilingual ready.
Compatible with WordPress 6.9 and tested up to PHP 8.5.3.
