Linux 软件免费装

在这里免费安装WordPress以及其他软件

Banner图

Web-Art Login Shield with reCAPTCHA

开发者 webartdesigning
更新时间 2025年12月26日 16:42
捐献地址: 去捐款
PHP版本: 7.4 及以上
WordPress版本: 6.9
版权: GPLv2 or later
版权网址: 版权信息

标签

recaptcha security login elementor brute-force

下载

1.0.1 1.0.0

详情介绍:

Web-Art Login Shield with reCAPTCHA is a focused security plugin that protects WordPress authentication, Elementor Login widgets and Elementor Forms against automated attacks. It strengthens wp-login.php, Elementor Login and Elementor Forms by integrating Google reCAPTCHA v2 verification and optional IP-based rate limiting, without replacing or modifying WordPress core authentication logic. The plugin is intentionally lightweight and transparent: Additionally, the plugin can apply a small XML-RPC hardening rule-set (disables a few high-risk XML-RPC methods) to reduce common abuse vectors. This does not disable XML-RPC completely. XML-RPC hardening is applied only when Login Protect is enabled and "Protect XML-RPC logins" is enabled. Each module (reCAPTCHA, Login Protect, Advanced login URL) can be enabled independently. Elementor reCAPTCHA options require reCAPTCHA to be configured and verified.

安装:

To use reCAPTCHA protection, obtain reCAPTCHA v2 Site Key and Secret Key from Google and configure them in the plugin settings.
  1. Install the plugin by uploading the ZIP via Plugins -> Add New -> Upload Plugin, or install it from the WordPress plugin directory after it is published.
  2. Activate the plugin.
  3. Open the plugin settings page in the WordPress admin area.
  4. (Optional) Enter Google reCAPTCHA v2 Site Key and Secret Key.
  5. Save the keys and click Verify reCAPTCHA (if provided).
  6. After successful verification, reCAPTCHA will be enabled automatically.
  7. (Optional) Enable Login Protect lockouts and configure limits and allowlists.
  8. (Optional) Enable Elementor Login and/or Elementor Forms protection.
  9. (Optional) Enable Advanced login options (toggle) and review the generated slugs. Important: copy and store your custom login URL.

屏幕截图:

  • Login Protect settings panel
  • Security event log and blocked IP list
  • WordPress login screen (wp-login.php)
  • Elementor Login widget (frontend)
  • Elementor Form (Elementor Pro)

常见问题:

Do I need reCAPTCHA keys?

Yes. To use reCAPTCHA protection you must configure a reCAPTCHA v2 Site Key and Secret Key in the plugin settings.

Why can’t I enable Elementor reCAPTCHA options?

Elementor Login and Elementor Forms reCAPTCHA can be enabled only after reCAPTCHA v2 is configured and successfully verified in the plugin settings.

Does the reCAPTCHA IP allowlist apply to Elementor too?

Yes. IPs added to the reCAPTCHA allowlist bypass reCAPTCHA checks on wp-login.php, Elementor Login and Elementor Forms. This bypass applies only to reCAPTCHA — Login Protect rate limits and lockouts may still apply.

What happens if Google reCAPTCHA verification is unreachable?

If reCAPTCHA protection is enabled for the given login or form and verification cannot be completed, the request is rejected to reduce the risk of automated bypass. Administrators can disable the feature in plugin settings or deactivate the plugin via hosting or FTP.

Are protections active immediately after installation?

No. Login protection modules are disabled by default and must be explicitly enabled by an administrator.

Does the plugin disable XML-RPC completely?

No. The XML-RPC endpoint is not disabled. The plugin can optionally disable a small set of high-risk XML-RPC methods (pingback and system.multicall) when Login Protect is enabled and "Protect XML-RPC logins" is enabled. Login Protect can also optionally apply rate limiting/lockouts to XML-RPC authentication attempts under the same conditions.

What if Elementor (or another plugin/theme) already adds reCAPTCHA (v2/v3)?

For Elementor Login widgets and Elementor Forms, the plugin avoids injecting a second reCAPTCHA widget if it detects an existing widget or an existing g-recaptcha-response field on the form. If a g-recaptcha-response token is submitted, the plugin will use it for server-side verification. To avoid conflicts (duplicate widgets, mixed keys, different versions), it is recommended to keep only one reCAPTCHA integration active for a given login/form flow (including wp-login.php).

How does Advanced login URL work?

When Advanced is enabled, wp-login.php and wp-admin are protected for non-authenticated visitors. The login screen is served only under the configured custom login URL slug. Both slug fields are required when Advanced is enabled, and saving is blocked if any field is empty. The default recommended redirect slug is "404" (redirects to /404/ so your theme can display its 404 template).

Is the Advanced login URL slug translated per site language?

No. The Advanced login URL uses a single configured slug value. If you run a multilingual site, choose a neutral slug that you want to use across languages.

更新日志:

1.0.1 1.0.0