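Introduction
- The WordPress plugin "WordPress Brute Force Protection – Stop Brute Force Attacks" was published on 2020-11-30. It has since been taken down and is no longer updated; installing it is not recommended.
- It currently has 2000 active installations.
- The last update was on 2024-05-14, 353 days ago.
- The plugin requires WordPress 5.3 or later to install.
- The plugin requires the hosting server to run PHP 5.4 or later.
- 4 people have rated it.
- Nobody has posted a question in the forum yet; usage may be low so far, and no major problems have come up.
Plugin contributors
Plugin tags
Brute Force | limit login | login security | login protection | brute force protection |
Summary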
er a certain number of failed login attempts. However, this can also lead to locking out genuine users who simply forgot their password or mistyped it.
GuardGiant is the only WordPress plugin that provides 100% brute force protection without locking out genuine users. The plugin implements the same approach used by large websites such as Facebook and Google by treating trusted devices as safe and directing failed login attempts from them to "Lost Password" forms instead of locking them out. Users receive alerts when anyone logs into their account from an unrecognized device or browser, and GuardGiant uses strong counter-measures like Google ReCaptcha and temporary blocks to limit login attempts from unrecognized devices. All of the plugin's features are fully customizable, and it provides login history logs that comply with GDPR regulations.
In addition to providing brute force protection, GuardGiant also implements various security improvements recommended by OWASP to keep your site safe. It obfuscates login errors, provides the option to disable XMLRPC, and more.
GuardGiant is easy to use regardless of your level of technical expertise, with highly optimized default settings designed to prevent brute force attacks while allowing genuine users to log in. Advanced users can customize the plugin's behavior to suit their needs. Don't become a victim of brute force attacks - protect your site with GuardGiant.
Original plugin description
The only plugin with 100% brute force protection that doesn’t lock out genuine users.
Brute Force Protection
This security plugin implements an approach used by large websites such as Facebook, Google etc.
When a genuine user makes a successful login to their account using their mobile phone, tablet, or computer, GuardGiant starts treating their device as Trusted.
Failed login attempts from trusted devices are directed towards ‘Lost Password’ forms rather than being subject to account lockouts or additional counter measures.
Users receive an alert when anyone logs into their account from an unrecognized device or browser.
Stop Hackers
GuardGiant uses a range of strong counter-measures to limit login attempts from unrecognized devices. The default behaviour is:
- After 3 failed login attempts from the same unrecognized device, a Google ReCaptcha field is added to the login page. ReCaptcha is a strong counter-measure that is very hard for an automated process to solve.
- After 10 failed login attempts a temporary block of 2 minutes is applied to the device/IP address. No login attempts can be made during this time.
- Each further failed login attempt increases the block time by another minute. This slows down attacks to the point where they quickly become unviable.
All behavior is fully customizable to achieve the level of brute force protection that you require.
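The default escalation described above, modelled as a small state machine. This is an added example, not the plugin's own code: the class, the `device` key and the outcome names are hypothetical, ReCaptcha solving is not modelled, and the block length is read as 2 minutes at the 10th failure plus 1 minute for each failure after it.

```python
from dataclasses import dataclass

CAPTCHA_AFTER = 3          # failures before ReCaptcha is shown (page default)
BLOCK_AFTER = 10           # failures before a timed block (page default)
BASE_BLOCK_SECONDS = 120   # first block: 2 minutes (page default)
EXTRA_BLOCK_SECONDS = 60   # each further failure adds 1 minute (page default)

@dataclass
class DeviceState:
    failures: int = 0
    blocked_until: float = 0.0

class LoginThrottle:
    """Hypothetical model; `device` stands for whatever device/IP key is tracked."""

    def __init__(self):
        self.unrecognized = {}   # device -> DeviceState
        self.trusted = set()     # (username, device) pairs that logged in before

    def attempt(self, username, device, password_ok, now):
        """Return the outcome of one login attempt made at time `now` (seconds)."""
        if (username, device) in self.trusted:
            # Trusted devices are never locked out; failures go to Lost Password.
            return "ok" if password_ok else "lost_password"
        state = self.unrecognized.setdefault(device, DeviceState())
        if now < state.blocked_until:
            return "blocked"     # refused outright, password not even checked
        if password_ok:
            self.trusted.add((username, device))
            del self.unrecognized[device]
            return "ok"
        state.failures += 1
        if state.failures >= BLOCK_AFTER:
            extra = (state.failures - BLOCK_AFTER) * EXTRA_BLOCK_SECONDS
            state.blocked_until = now + BASE_BLOCK_SECONDS + extra
            return "blocked"
        # From the 3rd failure on, the next attempt must also pass ReCaptcha.
        return "captcha" if state.failures >= CAPTCHA_AFTER else "retry"

    def block_remaining(self, device, now):
        """Seconds left on the current block for an unrecognized device."""
        state = self.unrecognized.get(device)
        return max(0.0, state.blocked_until - now) if state else 0.0
```

An attempt made during a block is refused without being counted, so only attempts that actually reach the password check lengthen the next block.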
Login History
A fully featured security log gives you visibility to login attempts on your site.
- Provides geographic location, device type, IP address and more for each login attempt.
- Filter login attempts by Trusted or Unrecognized devices.
- Search by IP address or username.
- Filter by successful or failed attempts.
- Easy to display successful logins from unrecognized devices that could indicate a hacked account.
This login history log should form an essential part of your brute force login protection plan. GDPR compliant.
Other Login Security Improvements
This security plugin implements various improvements recommended by the Open Web Application Security Project® (OWASP) to keep your site safe:
- Obfuscates login errors to stop hackers detecting valid account names.
- Option to disable XMLRPC.
- And much, much more.
This security plugin is exceptionally easy to use no matter what your level of technical expertise.
The default settings are highly optimized, designed to prevent brute force attacks whilst not disturbing genuine users from logging in. Advanced users can fully customize the behavior of this plugin to suit their own environment.
Login Security Plugin – Background Information
The most common threat that WordPress site owners face is a password guessing attack known as a brute force attack.
A brute force attack is where an attacker uses a brute force tool (or script) to discover your password by systematically trying every possible combination of letters, numbers, and symbols until the correct password is found. A brute force attack will always work eventually, but the problem for the brute force attacker is that it may take many years to do it.
Brute force prevention techniques focus on slowing down these attacks to the point where they become unviable.
Using long and complex passwords (that are not dictionary words) is a good brute force attack prevention method to start with. This greatly increases the time an attacker will need.
A common way to stop brute force attacks is to lock out the WordPress account after a defined number of failed authorization attempts (there are various brute force plugins that do this).
The problem with this approach is that the site administrator ends up with unhappy users who have been locked out, often needing manual intervention to regain access. This is not sustainable or desirable for sites of any size.
The modern approach to brute force prevention is to track the devices that genuine users use to log in, ensuring they are always treated kindly if they forget their password. Unrecognized devices face a progressive but temporary timed lockout.
Stop Brute Force Attacks
Periodic monitoring of your security audit log can help you stop brute force attacks.
Here are patterns that indicate a brute force attack or some other account abuse:
- Failed login attempts using alphabetically sequential usernames or passwords
- Multiple different usernames being used by the same IP address
- Logins for a single account coming from many different IP addresses
- Failed logins at a specific period e.g. every 5 minutes
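One way to check a login log for the four patterns listed above, as an added example that is not part of the plugin. The record layout, the thresholds and the finding names are assumptions, and the sample events are constructed using documentation-range IP addresses.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed sample records (not real data): (unix_time, ip, username, success)
EVENTS = [
    (1000, "203.0.113.7", "adam", False), (1002, "203.0.113.7", "alice", False),
    (1005, "203.0.113.7", "bob", False), (1009, "203.0.113.7", "carol", False),
    (2000, "198.51.100.9", "editor", False), (2300, "198.51.100.9", "editor", False),
    (2600, "198.51.100.9", "editor", False), (2900, "198.51.100.9", "editor", False),
    (3200, "198.51.100.9", "editor", False),
    (4000, "192.0.2.1", "admin", False), (4100, "192.0.2.2", "admin", False),
    (4200, "192.0.2.3", "admin", False), (4300, "192.0.2.4", "admin", True),
    (5000, "192.0.2.50", "dana", False), (5020, "192.0.2.50", "dana", True),
]

def analyze(events, min_users=4, min_ips=4, min_periodic=4, jitter=5.0):
    """Return sorted (finding, subject) pairs; thresholds are assumed defaults."""
    fails_by_ip = defaultdict(list)   # ip -> [(time, username)] for failed logins
    ips_by_user = defaultdict(set)    # username -> every IP seen for that account
    for ts, ip, user, ok in sorted(events):
        ips_by_user[user].add(ip)
        if not ok:
            fails_by_ip[ip].append((ts, user))
    findings = []
    for ip, fails in fails_by_ip.items():
        # Distinct usernames in the order they were first tried from this IP.
        distinct = list(dict.fromkeys(user for _, user in fails))
        if len(distinct) >= min_users:
            findings.append(("many_usernames_one_ip", ip))
            if distinct == sorted(distinct):
                findings.append(("alphabetical_usernames", ip))
        # Evenly spaced failures at least a minute apart suggest a scheduled job.
        gaps = [b[0] - a[0] for a, b in zip(fails, fails[1:])]
        if (len(fails) >= min_periodic and gaps
                and min(gaps) >= 60 and pstdev(gaps) <= jitter):
            findings.append(("periodic_failures", ip))
    for user, ips in ips_by_user.items():
        if len(ips) >= min_ips:
            findings.append(("one_account_many_ips", user))
    return sorted(findings)
```

A single failure followed by a success, like the constructed `dana` records, produces no finding.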
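Download links for each version
- Method 1: Click a version number link below to download the ZIP file, log in to the site admin area, open "Add New Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
- Method 2: Use the search box on the right side of the "Add New Plugin" screen to search for the plugin name "WordPress Brute Force Protection – Stop Brute Force Attacks" and install it.
(Method 2 is recommended, to ensure the installed version matches the WordPress environment currently running.)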
2.1.0 | 2.1.1 | 2.2.0 | 2.2.1 | 2.2.2 | 2.2.3 | 2.2.4 | 2.2.5 | 2.2.6 | trunk |
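Related plugins (you may also want to know)
Login Page Styler | Custom Login | Custom WP Admin Login Page | Admin Security | Admin Protection | Login Page Customizer | Admin Login | Login Security | Login Redirect | Theme Login | Login Menu | Login Form | Admin Dashboard | Change Login Logo | Login Branding | Login Protection | Wp-Admin Login 》Login Page Styler is a plugin for login page styling, admin login, custom login templates and login security. It can protect your website from login brute force attacks and provides WordPress member users with login veri....
Uber reCaptcha 》This is a very useful plugin for everyone who uses WordPress. It adds reCaptcha security to the WordPress login form, registration form and comment form. This plugin can help....
WP Content Protection 》This plugin is used to protect content. There are three ways to protect content: by logged-in user, by password, and by user role. This applies to any post, ....
Anti-Brute Force, Login Fraud Detector WordPress plugin 》Summary of the Anti-Brute Force, Login Fraud Detector WordPress plugin: this is a security plugin that detects and blocks, in real time, malicious IPs attempting to log in to a WordPress site ....
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins 》Reports login brute force attacks, prevents and blocks brute force login attempts and creates an IP address blacklist; a firewall is included. IPs that are not whitelisted must fill in an extra e-mail field in the login form. Firewall....
bad_ip WP 》This is the WordPress version of the bad_ip plugin, used to protect against and report attacks from malicious IP addresses, with added blocking of Tor endpoints. Besides monitoring and logging malicious behaviour on your site, the plugin also....
BotFirewall 》Summary: BotFirewall is a powerful, modern plugin designed to protect your WordPress site from malicious bots, spam and DDoS attacks. Through advanced JavaScript verification and encrypted c....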