[WordPress] 外掛分享: Techbox Login Security

首頁外掛目錄 › Techbox Login Security
WordPress 外掛 Techbox Login Security 的封面圖片
全新外掛
安裝啟用
尚無評分
2 天前
最後更新
問題解決
WordPress 6.2+ PHP 7.4+ v1.1.11 上架:2026-07-14

內容簡介

Techbox Login Security 外掛加強了 WordPress 的登入流程,透過限制登入嘗試、IP 存取名單、活動日誌等功能,提供網站更高的安全性,並確保管理者能輕鬆操作。

【主要功能】
• 登入嘗試限制:可設定最大嘗試次數及鎖定時間
• IP 存取名單:允許/拒絕名單功能
• 活動日誌:記錄失敗登入及成功登入
• 自訂登入訊息:可調整錯誤訊息
• 隱私/GDPR 通知:登入頁面及頁尾通知
• 活躍會話:查看當前登入用戶並終止會話

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.1.11) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Techbox Login Security」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Techbox Login Security hardens the WordPress sign-in flow. It protects wp_authenticate() — the standard wp-login.php form and classic WooCommerce My Account / checkout login — with brute-force lockouts, IP access lists, activity logging, and a clear, operator-friendly admin experience.
Enforcement runs on WordPress login hooks (defense in depth at credential time). It is not a pre-WordPress WAF and does not replace edge protection like Cloudflare or a server firewall — it catches the login attempts that reach your site.
Features

Login attempt limits — configurable max attempts, time-based lockout, failure-decay window, and an escalating long lockout for repeat offenders.
IP access lists — allow/deny lists; the allow list bypasses limits.
Proxy-aware client IP — optional, opt-in X-Forwarded-For trust for sites behind a CDN/reverse proxy.
Activity log & dashboard — failed logins, successful sign-ins, lockouts, and an at-a-glance security overview.
Channel policy — explicit handling for XML-RPC and REST application-password logins.
Login messaging — customizable error messages and optional pre-lockout attempt feedback (WordPress-default or custom).
Privacy / GDPR notices — optional login-page and footer notices that link to your privacy policy.
Lockout email notifications — site-wide lockout-event emails with a test send.
Custom login URL — optional secret login path with a gate on wp-login.php.
Login lockdown — temporarily restrict sign-in with role / username / IP bypass.
Active sessions — view currently signed-in users and end (kick) a session.
Email verification at login — optional, role-scoped email code at sign-in (off by default). This is a lightweight email verification step, not TOTP/SMS MFA.

Recommended defaults
On a fresh install Techbox Login Security applies a sensible “out of the box” posture so the site is protected immediately: login limits on (5 attempts / 15-minute lockout / 24-hour failure decay, escalating to a 24-hour lockout after repeat strikes), failed logins logged, attempt feedback and the footer privacy notice on. Optional features (custom login URL, lockout emails, email login codes, login lockdown) stay off until you configure them. Every settings section has a Restore recommended action.
Privacy
All storage is local to your site. The activity log includes IP addresses and usernames so you can audit sign-ins; remove or restrict access if your policies require it. This plugin makes no external API calls — login-security enforcement, logging, and all data storage run entirely on your own site, and no data is sent anywhere.
Techbox Login Security Pro
A separate Pro version is available from Techbox Design for sites that need more. It builds on everything here and adds country (geo) blocking, CSV export, username and probe (enumeration) policies, bot login protection, and session ban controls. Pro is optional — this free plugin is fully functional on its own.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon