[WordPress] 外掛分享: Web-Art Login Shield with reCAPTCHA

首頁外掛目錄 › Web-Art Login Shield with reCAPTCHA
WordPress 外掛 Web-Art Login Shield with reCAPTCHA 的封面圖片
90+
安裝啟用
★★★★★
5/5 分(5 則評價)
剛更新
最後更新
問題解決
WordPress 5.8+ PHP 7.4+ v1.2.0 上架:2025-12-20

內容簡介

Web-Art Login Shield with reCAPTCHA 是一款專為 WordPress 認證保護而設計的外掛,提供 Google reCAPTCHA 支援、IP 鎖定、進階登錄 URL 保護等功能,確保網站安全性,並保留 WordPress 核心認證邏輯。

【主要功能】
• 支援 Google reCAPTCHA v2/v3
• Elementor 登錄小工具和表單保護
• 每個 IP 的失敗嘗試計數及臨時鎖定
• 可選的自訂登錄端點
• IP 允許名單及阻擋功能
• XML-RPC 加固保護

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.2.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Web-Art Login Shield with reCAPTCHA」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Web-Art Login Shield with reCAPTCHA protects WordPress authentication, Elementor Login widgets and Elementor Forms.
It provides optional Google reCAPTCHA v2/v3, IP lockouts, Advanced login URL protection, IP blocking and REST/XML-RPC protection. It preserves WordPress core authentication logic.
No ads, author telemetry or external dashboard. All modules are opt-in and disabled by default.
Key Features
reCAPTCHA v2/v3

selectable v2 checkbox or v3 score-based verification
protection for wp-login.php, Elementor Login and Elementor Forms
server-side token, action, score and hostname validation where applicable
configurable v3 score threshold
one active type at a time
configuration verification before activation

Elementor support

protection for Elementor Login and Elementor Pro Forms
native Elementor reCAPTCHA fields are skipped to avoid duplication
v2 alignment controls
login errors and lockouts remain inside the Login widget
dynamic content and Elementor popup support

Login Protect

per-IP failed-attempt counting and temporary lockouts
safe concurrent-request handling
active-lockout countdown
local security event log with bounded retention
optional REST API, Application Password and XML-RPC protection
independent operation with or without reCAPTCHA

Advanced login URL

optional custom login endpoint
protection of default login routes while preserving required public actions
logout and password-link compatibility
emergency wp-config.php recovery constant

IP allowlists and blocking

separate reCAPTCHA allowlist and Login Protect trusted IP list
permanent IP blocking for public site requests with HTTP 403
optional IP | reason notes

XML-RPC hardening
Optional blocking of:

pingback.ping
pingback.extensions.getPingbacks
system.multicall

Security Model
Protected flows use fail-closed handling. If an enabled check cannot be completed safely, the request is rejected instead of bypassing protection.
Login Protect preserves active lockouts and safely handles concurrent requests. Setting Maximum login attempts or Lockout duration to 0 disables lockout enforcement.
All modules remain disabled until enabled. Recovery constants are available in wp-config.php for selected modules.
External Services
This plugin integrates with Google reCAPTCHA v2 and v3, services provided by Google LLC.
reCAPTCHA is disabled by default. Google scripts or verification requests are used only after an administrator enables reCAPTCHA or runs a settings-page verification test.
Google’s reCAPTCHA JavaScript (https://www.google.com/recaptcha/api.js) may load on protected wp-login.php requests, pages containing protected Elementor widgets or forms, and the settings page during a verification test. Allowlisted visitors bypass frontend loading where applicable.
When reCAPTCHA runs, the visitor’s browser connects directly to Google. Google may process browser, device and interaction information and may set the necessary _GRECAPTCHA cookie under its policies.
For server-side verification, the plugin sends the token, configured Secret Key and visitor IP address when available to Google’s siteverify endpoint. It does not include usernames, passwords, email addresses or form contents in that request.
The plugin sends no telemetry, analytics or usage data to its author.
Google policies:

https://policies.google.com/privacy
https://policies.google.com/terms

Privacy
Locally stored security data may include:

IP addresses, failed-attempt counts and lockout timestamps
a username or email associated with an IP lockout
recent events containing an IP address, username or email, source, type and timestamp
the latest reCAPTCHA configuration or transport error used for diagnostics
permanent IP blocklist entries and optional notes

Inactive Login Protect entries become eligible for deletion after seven days. Active lockouts remain until expiry. The event log is limited to 30 entries and 30 days.
WordPress privacy tools export or erase records matched to the requested email address or associated account. Unmatched IP-only records remain subject to retention and administrator cleanup. Permanent blocklist entries remain until removed by an administrator.
Plugin data can be removed during uninstall when uninstall cleanup is enabled.
Legal
reCAPTCHA is a trademark of Google LLC.
Elementor is a trademark of Elementor Ltd.
This plugin is not affiliated with, endorsed by, or sponsored by Google LLC or Elementor Ltd.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon