內容簡介
Login Delay Shield 是一款專為 WordPress 設計的安全外掛,透過在每次登入失敗後添加延遲,來防止暴力破解攻擊。這樣的設計不僅能有效減少自動化攻擊的成功率,還能確保合法用戶的登入體驗不受影響。
【主要功能】
• 登入延遲 — 設定固定或隨機延遲(1-10 秒)
• 漸進式延遲 — 連續失敗後延遲時間逐漸增加
• IP 鎖定 — 超過失敗次數後暫時封鎖 IP 地址
• 使用者名稱鎖定策略 — 降低共享網路的誤鎖風險
• 登入反饋 — 顯示剩餘嘗試次數及鎖定倒數
• IP 白名單 — 信任 IP 可繞過所有安全措施
外掛標籤
開發者團隊
原文外掛簡介
WordPress is one of the most widely used content management systems on the internet, making it a frequent target for bots and hackers attempting brute-force attacks.
A brute-force attack works by systematically trying passwords until finding the correct one. Login Delay Shield defends against this by adding a configurable delay after each failed login attempt. Since successful logins are never delayed, legitimate users experience no slowdown. This approach is particularly effective against bots that send thousands of login requests, as each failed attempt forces the attacker to wait before trying the next password.
Features:
Login delay — Fixed or random delay on failed login attempts (1-10 seconds)
Progressive delay — Delay increases with each consecutive failed attempt from the same IP
IP lockout — Temporarily block IP addresses after too many failed attempts
Username-aware lockout strategy — Choose IP only or IP + username to reduce false positives on shared networks
Login feedback — Shows remaining attempts before lockout and a lockout countdown when blocked
IP whitelist — Bypass all security measures for trusted IPs (supports CIDR notation)
Email notifications — Receive alerts when failed login thresholds are reached
Failed login log — Track all failed attempts with a dashboard widget showing recent activity and 7-day trends
XML-RPC protection — Apply delays to XML-RPC authentication or block it entirely
Custom login URL — Move the login page to a custom URL to reduce automated bot traffic targeting /wp-login.php
Log retention — Automatic cleanup of old log entries (configurable retention period)
Accessible admin interface — WCAG 2.1 compliant with keyboard navigation and screen reader support
Multilingual — Translated into 18 languages including French, German, Spanish, Japanese, Chinese, Arabic, and more
Lightweight and compatible with other security plugins
This plugin is not a complete security solution — dedicated security plugins offer more comprehensive protection. However, Login Delay Shield adds an effective layer of defense that works alongside your existing security measures without conflict.
Note: This plugin was formerly known as “WP Login Delay”.
Contribute
Found a bug or want to suggest an improvement? Open a thread in the support forum on WordPress.org.
Want to help translate the plugin into your language? Visit translate.wordpress.org.
