Categories

  • Access & Security 95
  • Administration 171
  • Advertisement 92
  • Audio & Video 66
  • Author & Content 99
  • Comments 96
  • Communication 110
  • Communities & Forums 84
  • Development 47
  • E-Commerce 76
  • Email Management 53
  • Events & Calendars 80
  • Language 25
  • Map & Weather 44
  • Migration & Conversion 28
  • Miscellaneous 254
  • Mobile 15
  • Photos 143
  • Plugins 260
  • SEO & Site Speed 118
  • Social 186
  • Theme Enhancement 169



  • Add this plugin to a List

    You need to be logged in to add this plugin to your list.

    Login Security Solution

    Add to List

    A simple way to lock down login security for multisite and regular
    WordPress installations.

    • Blocks brute force and dictionary attacks without inconveniencing
      legitimate users or administrators

      • Tracks IP addresses, usernames, and passwords
      • Monitors logins made by form submissions, XML-RPC requests and
        auth cookies
      • If a login failure uses data matching a past failure, the plugin
        slows down response times. The more failures, the longer the delay.
        This limits attackers ability to effectively probe your site,
        so they’ll give up and go find an easier target.
      • If an account seems breached, the “user” is immediately logged out
        and forced to use WordPress’ password reset utility. This prevents
        any damage from being done and verifies the user’s identity. But
        if the user is coming in from an IP address they have used in the
        past, an email is sent to the user making sure it was them logging in.
        All without intervention by an administrator.
      • Can notify the administrator of attacks and breaches
      • Supports IPv6
    • Thoroughly examines and enforces password strength. Includes full
      UTF-8 character set support if PHP’s mbstring extension is enabled.
      The tests have caught every password dictionary entry I’ve tried.

      • Minimum length (customizable)
      • Doesn’t match blog info
      • Doesn’t match user data
      • Must either have numbers, punctuation, upper and lower case characters
        or be very long. Note: alphabets with only one case (e.g. Arabic,
        Hebrew, etc.) are automatically exempted from the upper/lower case
        requirement.
      • Non-sequential codepoints
      • Non-sequential keystrokes (custom sequence files can be added)
      • Not in the password dictionary files you’ve provided (if any)
      • Decodes “leet” speak
      • The password/phrase is not found by the dict dictionary
        program (if available)
    • Blocks discovering user names via the “?author=” query string

    • Password aging (optional) (not recommended)

      • Users need to change password every x days (customizable)
      • Grace period for picking a new password (customizable)
      • Remembers old passwords (quantity is customizable)
    • Administrators can require all users to change their passwords

      • Done via a flag in each user’s database entry
      • No mail is sent, keeping your server off of spam lists
    • Logs out idle sessions (optional) (idle time is customizable)

    • Maintenance mode (optional)

      • Publicly viewable content remains visible
      • Disables logins by all users, except administrators
      • Logs out existing sessions, except administrators
      • Disables posting of comments
      • Useful for maintenance or emergency reasons
      • This is separate from WordPress’ maintenance mode
    • Prevents information disclosures from failed logins

    Improvements Over Similar WordPress Plugins

    • Multisite network support
    • Monitors authentication cookies for bad user names and hashes
    • Tracks logins from XML-RPC requests
    • Adjusts WordPress’ password policy user interfaces
    • Takes security seriously so the plugin itself does not open your site
      to SQL, HTML, or header injection vulnerabilities
    • Notice-free code means no information disclosures if display_errors
      is on and error_reporting includes E_NOTICE
    • Only loads files, actions, and filters needed for enabled options
      and the page’s context
    • Provides an option to have deactivation remove all of this plugin’s
      data from the database
    • Uses WordPress’ features rather than fighting or overriding them
    • No advertising, promotions, or beacons
    • Proper internationalization support
    • Clean, documented code
    • Unit tests covering 100% of the main class
    • Internationalized unit tests

    For reference, the similar plugins include:

    Compatibility with Other Plugins

    Some plugins provide similar functionality. These overlaps can lead to
    conflicts during program execution. Please read the FAQ!

    Translations

    • Deutsche, Deutschland (German, Germany) (de_DE) by Christian Foellmann
    • Français, français (French, France) (fr_FR) by mermouy and and Fx Bénard
    • Italiano, Italia (Italian, Italy) (it_IT) by Daniele Passalacqua
    • 日本語, 日本国 (Japanese, Japan) (ja_JP) by motoyamayuki
    • Nederlands, Nederland (Dutch, Netherlands) (nl_NL) by Friso van Wieringen
    • polski, Polska (Polish, Poland) (pl_PL) by Michał Seweryniak miniol
    • Português, Brasil (Portugese, Brazil) (pt_BR) by Valdir Trombini
    • suomi, Suomi (Finnish, Finland) (fi_FI) by Juha Remes Newman101

    Source Code, Bugs, and Feature Requests

    Development of this plugin happens on
    GitHub.
    Please submit
    bug and feature requests,
    pull requests,
    wiki entries
    there.
    Releases are then squashed and pushed to WordPress’
    Plugins SVN repository.
    This division is necessary due having being chastised that “the Plugins SVN
    repository is a release system, not a development system.”

    Old tickets are in the Plugins Trac.

    Strong, Unique Passwords Are Important

    Yeah, creating, storing/remembering, and using a different, strong
    password for each site you use is a hassle. But it is absolutely
    necessary.

    Password lists get stolen on a regular basis from big name sites (like
    Linkedin for example!). Criminals then have unlimited time to decode the
    passwords. In general, 50% of those passwords are so weak they get figured
    out in a matter of seconds. Plus there are computers on the Internet
    dedicated to pounding the sites with login attempts, hoping to get lucky.

    Many people use the same password for multiple sites. Once an attacker
    figures out your password on one site, they’ll try it on your accounts at
    other sites. It gets ugly very fast.

    But don’t despair! There are good, free tools that make doing the right
    thing a piece of cake. For example: KeePassX,
    KeePass,
    or 1Password

    Securing Your WordPress Site is Important

    You’re probably thinking “There’s nothing valuable on my website. No one
    will bother breaking into it.” What you need to realize is that attackers
    are going after your visitors. They put stealth code on your website
    that pushes malware into your readers’ browsers.

    According to SophosLabs more than 30,000 websites are infected
    every day and 80% of those infected sites are legitimate.
    Eighty-five percent of all malware, including viruses, worms,
    spyware, adware and Trojans, comes from the web. Today,
    drive-by downloads have become the top web threat.

    Security Threat Report 2012

    So if your site does get cracked, not only do you waste hours cleaning up,
    your reputation gets sullied, security software flags your site as dangerous,
    and worst of all, you’ve inadvertently helped infect the computers of your
    clients and friends. Oh, and if the attack involves malware, that malware
    has probably gotten itself into your computer.

    Actions

    • login_security_solution_insert_fail
    • login_security_solution_notify_breach
    • login_security_solution_notify_fail
    • login_security_solution_fail_tier_dos

    Filters

    The following filters allow customizing email subjects and messages. If
    either the “subject”or “message” filters in a method returns an empty
    string, the given method will skip calling wp_mail().

    • login_security_solution_notify_breach_subject
    • login_security_solution_notify_breach_message
    • login_security_solution_notify_breach_user_subject
    • login_security_solution_notify_breach_user_message
    • login_security_solution_notify_fail_subject
    • login_security_solution_notify_fail_message

    Unit Tests

    A thorough set of unit tests are found in the tests directory.

    The plugin needs to be installed and activated before running the tests.

    To execute the tests, cd into this plugin’s directory and
    call phpunit tests

    Translations can be tested by changing the WPLANG value in wp-config.php.

    Please note that the tests make extensive use of database transactions.
    Many tests will be skipped if your wp_options and wp_usermeta tables
    are not using the InnoDB storage engine.

    Removal

    1. This plugin offers the ability to remove all of this plugin’s settings
      from your database. Go to WordPress’ “Plugins” admin interface and
      click the “Settings” link for this plugin. In the “Deactivate” entry,
      click the “Yes, delete the damn data” button and save the form.

    2. Use WordPress’ “Plugins” admin interface to click the “Deactivate” link

    3. Remove the login-security-solution directory from the server

    In the event you didn’t pick the “Yes, delete the damn data” option or
    you manually deleted the plugin, you can get rid of the settings by running
    three queries. These queries are exapmles, using the default table name
    prefix of, wp_. If you have changed your database prefix, adjust the
    queries accordingly.

        DROP TABLE wp_login_security_solution_fail;
    
        DELETE FROM wp_options WHERE option_name LIKE 'login-security-solution%';
    
        DELETE FROM wp_usermeta WHERE meta_key LIKE 'login-security-solution%';= Inspiration and References =
    

    To Do

    • Provide a user interface to the fail table.
    Rate This Plugin

    Please Login to Rate this Plugin!

    Function

    Feature

    Support

    0 Votes
    Not Rated Yet

    Wordpress.org Stats

    Ratings4.4
    Votes53
    Downloads277,868
    Last Updated1157 Days ago
    Published8 years ago

    Report Wrong Category!

    Do you think this Plugin belongs to another Category?

    What Category Should this Plugin belong to? *

    Reason *

    Create a Plugin List

    You need to be Logged in to Create a Plugin List.

    Submit A plugin

    You need to be logged in to submit a plugin.

    Help

    WPD is the unofficial online plugin directory of WordPress.

    An attempt has been made to list Only functional, active,efficient and up-to-date plugins.

    Categorized : Plugin are listed by category and subcategory based on functionality and uses. Here you can browse wordpress plugin from our neatly categorized plugin directory and sort the plugins by rating, votes, last updated and published and search plugins using tags.

    Search : Plugins can be searched by their functionality using multi-tag search and you can search plugins using their exact name although we are not ensuring Google like search accuracy.

    Create Plugin Lists : You will be able to create list of plugins and share them with Wordpress Community or you can keep them private and use them as a bookmarks.
    e.g. Plugins That I’ve Used on My Site, Best Event Management Plugins, Christmas Plugins etc.

    If you think certain awesome plugin is not in the directory then notify us through our Submit a Plugin page.

    Browsing the Plugin Directory

    Browse by Category

    In WPD, Plugins are categorized carefully. You can browse all the categories from the homepage or you can access the category lists from any page by clicking the button from the left of the website.


    Browse by Tags

    Each plugin listed in WPD is marked with useful tags. You can browse plugins by Tags from the All Tags page


    Searching in WPD

    Multi Tag Search

    You can search plugins using multiple tags. To perform a multi-tag search. Go to Homepage and then in the search field type any keywords or tags(comma separated) and then click on the search button. To search plugins from a selected category just select the category from the dropdown and type your tags.


    Searching a specific Plugin in WPD

    If you want to find a specific plugin in our directory, Go to Homepage and then select the "Search in Title" option. Then write the name of the plugin and click the search button to find the Plugin.


    Plugin Lists

    Whats a Plugin List

    Plugin Lists are user created lists of plugins. Any registered users can create Plugin Lists and share it with anyone or make it private.


    Why Create a plugin List?
    • Easy to keep track of your favourite and useful plugin.

    • Share list of plugins on blogs, social media or to a client.

    • Keep a track of what plugins you installed in which of your blogs by creating a list for each blog



    Creating a Plugin List

    To create a Plugin List, click the button from the left of the page; a popup box will appear. In the "List Name" field, put the name of the List. eg: Best Seo plugins for your site.
    In the Description field, put a few words describing the List.
    By default, lists are automatically published as public, which is visible to everyone. If you do not want others to see the List, select "Private" from the dropdown list. Then click the "Create List" button to create the list.


    Adding Plugins to your List

    To add a plugin to your List, go to a plugin page and click the "Add to List" button. A popup box will appear where you can select in which of your list you want to add this plugin. You can add a note if you want, this note will appear below the plugin in your list.
    P.S: You can only add plugins that are in our directory.

    Your Lists will appear in our "Plugin Lists" page when you set the list as "Public" and your list contains atleast 2 plugins.


    Editing your Lists

    When you are on your list page, notice there is a button on the top right corner of the page. Click it to edit the List Name and the List Description.


    Accessing All your Lists

    You can access all your Plugin lists by going to your profile and clicking the "Lists" tab.


    Removing your Lists

    You can remove your Plugin lists by going to your profile and clicking the "Lists" tab. on top right of each list click the button to remove the list completely.

    While tremendous effort has been put to keep this directory precise and complete, still errors and omissions are unavoidable and possible. We welcome any suggestions for corrections, deletions, and idea that might improve the overall experience.

    To submit a Feedback click the from the bottom right corner of the site.

    Register or log in to assess the record