Adds layer of security for your WordPress site. Adds custom login page slug, enables 2FA, removes security issues. Adds remember device, counts login attempts and lock usernames if the password is wrong. Out of band e-mail is also supported - instead of entering codes, your user can use simple login link from within their e-mail client.
Woocommerce
Woocommerce is also supported for 2FA, just enable the plugin and all your customers will be asked to enable two-factor authentication.
List with currently supported features:
- Login redirection - redirects the default wp-login.php to a slug of your choice
- Login attempts - counts the unsuccessful attempts, and locks user if there are too many
- 2FA settings - gives the ability to use two factor authentication and Out Of Band email link
- Remember devices - current device could be remembered for given amount of days and user wont be asked to login again before that
- Removes XML-RPC from your WordPress site
- Custom shortcode ([wps_custom_settings]) can be used to give the users without access to the dashboard to setup the 2FA
Login Redirection
You can change the default wp-login.php to slug of your choice. That will prevent most common hacker attacks and will harden your WordPress installation. You can redirect the original wp-login.php to the slug of your choice.
2FA login
Enable two-factor authentication for your WordPress site, and to enforce your website users, or some of them to use 2FA. Next time user logins s/he will be asked to enable the 2FA using their favorite application. Once the process is completed, every time the user logs, s/he will be asked to provide the 2FA code.
Login Attempts
This gives you the ability to prevent brute force attacks if the hacker knows the username and tries to guess the password. With this enabled, after the given amount of tries that specific user will be marked as locked, and any further attempt to use that username for login will be postponed for given amount of time.
Remember device setting
With that, user can use given device for the given amount of days without being asked to reenter the username/pass. The devices can be removed or checked from the default user settings page.
That setting is based on current setting (global) for the current moment, which means that when the day value (in settings) is changed globally, that wont reflect the already set cookies and user devices.
Example: If you set that to 10 days and there is a user which decide to use Remember Device functionality, when you change that value to 15 days, that wont increase the time for that user. Same applies for decreasing the value.
Manual Installation
- Download the "secured-wp.zip" file with the plugin to a location of your choice
- Upload "secured-wp.zip" by going yo plugins -> Upload plugin and then select the plugin location from step one
- Activate the plugin through the \"Plugins\" menu in WordPress.
Install from within WordPress
- Go to Plugins -> Add new
- Search for "Secured WP"
- Install and activate the plugin through the "Plugins" menu in WordPress.
2.1.1
Small bug fixes with redirection
2.1.0
Removed all jQuery dependency when custom page (or post) with shortcode is used for user's settings manipulation. Fixed lots of bugs
2.0.3
- Missing class fix, uninstall script fix
2.0.2
- Added missing constants file
2.0.1
- Fixed bugs and problems, added blueprint.json
2.0.0
- Most of the plugin has been rewritten
1.0.0