[WordPress] 外掛分享： Login Delay Shield

內容簡介

Login Delay Shield 透過在登入失敗後加入可設定的延遲時間，有效防禦暴力破解攻擊。成功登入不受影響，合法使用者毫無感覺，卻能大幅拖慢機器人的密碼嘗試速度，為 WordPress 網站增添一層實用的安全防護。

【主要功能】
• 登入失敗後自動延遲，支援固定或隨機秒數
• 同一 IP 連續失敗時延遲遞增
• 超過失敗次數自動鎖定 IP
• IP 白名單，支援 CIDR 格式
• 失敗登入紀錄與控制台小工具
• XML-RPC 驗證防護，可延遲或完全封鎖

外掛標籤

開發者團隊

原文外掛簡介

WordPress is one of the most widely used content management systems on the internet, making it a frequent target for bots and hackers attempting brute-force attacks.
A brute-force attack works by systematically trying passwords until finding the correct one. Login Delay Shield defends against this by adding a configurable delay after each failed login attempt. Since successful logins are never delayed, legitimate users experience no slowdown. This approach is particularly effective against bots that send thousands of login requests, as each failed attempt forces the attacker to wait before trying the next password.
Features:

Login delay — Fixed or random delay on failed login attempts (1-10 seconds)
Progressive delay — Delay increases with each consecutive failed attempt from the same IP
IP lockout — Temporarily block IP addresses after too many failed attempts
Username-aware lockout strategy — Choose IP only or IP + username to reduce false positives on shared networks
Login feedback — Shows remaining attempts before lockout and a lockout countdown when blocked
IP whitelist — Bypass all security measures for trusted IPs (supports CIDR notation)
Email notifications — Receive alerts when failed login thresholds are reached
Failed login log — Track all failed attempts with a dashboard widget showing recent activity
XML-RPC protection — Apply delays to XML-RPC authentication or block it entirely
Log retention — Automatic cleanup of old log entries (configurable retention period)
Accessible admin interface — WCAG 2.1 compliant with keyboard navigation and screen reader support
Multilingual — Translated into 18 languages including French, German, Spanish, Japanese, Chinese, Arabic, and more
Lightweight and compatible with other security plugins

This plugin is not a complete security solution — dedicated security plugins offer more comprehensive protection. However, Login Delay Shield adds an effective layer of defense that works alongside your existing security measures without conflict.
Note: This plugin was formerly known as “WP Login Delay”.

延伸相關外掛

WPS Hide Login中文 WPS Hide Login 是一個非常輕量的外掛，讓您輕鬆且安全...Security Optimizer – The All-In-One Protection Plugin透過精心挑選且易於配置的功能，SiteGround Security 外掛提...LoginizerLoginizer 是一款 WordPress 安全防護外掛，主要用於阻擋暴力...Limit Login Attempts此外掛可限制正常登入及使用驗證 cookies 登入的次數。 WordP...LoginPress | wp-login Custom Login Page CustomizerLoginPress 外掛提供了很多自訂欄位，可以更改 WordPress 登...WPS Limit Login繁體中文 限制通過登錄頁面和使用權限Cookie可能的登錄嘗試次...Login Lockdown & ProtectionLogin LockDown 記錄每次失敗的登入嘗試的 IP 位址和時間戳記...WP Ghost (Hide My WP Ghost) – Security & FirewallWP Ghost (前稱 Hide My WP Ghost) 是一款專業級的 WordPress...Custom Login Page CustomizerCustom Login Page Customizer 外掛可讓您輕鬆地從 WordPress...WP fail2ban – Advanced SecurityFail2ban是您可以實施來保護 WordPress 網站的最簡單和最有效...All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.Change wp-admin login 是一個輕量級的外掛程式，可讓您輕鬆...WP Hide & Security EnhancerWP Hide & Security Enhancer 外掛能有效隱藏您的 WordPr...Theme My Login曾經希望您的 WordPress 登入頁面與網站的其餘部分相匹配嗎？...Login No Captcha reCAPTCHA此外掛新增了 Google 無人類驗證功能的勾選框，可應用於您的 ...WP-Members Membership PluginWP-Members 是老牌的 WordPress 會員制外掛，提供內容限制、...