Description
Adds layer of security for your WordPress site. Adds custom login page slug, enables 2FA, removes security issues. Adds remember device, counts login attempts and lock usernames if the password is wrong. Out of band e-mail is also supported – instead of entering codes, your user can use simple login link from within their e-mail client.
Woocommerce
Woocommerce is also supported for 2FA, just enable the plugin and all your customers will be asked to enable two-factor authentication.
List with currently supported features:
- Login redirection – redirects the default wp-login.php to a slug of your choice
- Login attempts – counts the unsuccessful attempts, and locks user if there are too many
- 2FA settings – gives the ability to use two factor authentication and Out Of Band email link
- Remember devices – current device could be remembered for given amount of days and user wont be asked to login again before that
- Removes XML-RPC from your WordPress site
- Custom shortcode ([wps_custom_settings]) can be used to give the users without access to the dashboard to setup the 2FA
Login Redirection
You can change the default wp-login.php to slug of your choice. That will prevent most common hacker attacks and will harden your WordPress installation. You can redirect the original wp-login.php to the slug of your choice.
2FA login
Enable two-factor authentication for your WordPress site, and to enforce your website users, or some of them to use 2FA. Next time user logins s/he will be asked to enable the 2FA using their favorite application. Once the process is completed, every time the user logs, s/he will be asked to provide the 2FA code.
Login Attempts
This gives you the ability to prevent brute force attacks if the hacker knows the username and tries to guess the password. With this enabled, after the given amount of tries that specific user will be marked as locked, and any further attempt to use that username for login will be postponed for given amount of time.
Remember device setting
With that, user can use given device for the given amount of days without being asked to reenter the username/pass. The devices can be removed or checked from the default user settings page.
That setting is based on current setting (global) for the current moment, which means that when the day value (in settings) is changed globally, that wont reflect the already set cookies and user devices.
Example: If you set that to 10 days and there is a user which decide to use Remember Device functionality, when you change that value to 15 days, that wont increase the time for that user. Same applies for decreasing the value.
Screenshots
Installation
Manual Installation
- Download the “secured-wp.zip” file with the plugin to a location of your choice
- Upload “secured-wp.zip” by going yo plugins -> Upload plugin and then select the plugin location from step one
- Activate the plugin through the \”Plugins\” menu in WordPress.
Install from within WordPress
- Go to Plugins -> Add new
- Search for “Secured WP”
- Install and activate the plugin through the “Plugins” menu in WordPress.
FAQ
-
Can I disable some of the modules
-
Every single module can be enabled/disabled from its settings tab.
-
Can I exclude some user
-
Yes – go to users menu – select users by pressing the check box next to the username, and from the drop down menu select the action you want to perform and click Apply.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Secured WP” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Secured WP” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
2.1.1
Small bug fixes with redirection
2.1.0
Removed all jQuery dependency when custom page (or post) with shortcode is used for user’s settings manipulation. Fixed lots of bugs
2.0.3
- Missing class fix, uninstall script fix
2.0.2
- Added missing constants file
2.0.1
- Fixed bugs and problems, added blueprint.json
2.0.0
- Most of the plugin has been rewritten
1.0.0
- Initial release.