WP Login Door

Did you ever feel like your website or blog login page is ridiculously fragile and reachable, and could be easily broken in by an intruder? Personally I hate to think of hundreds of people playing with my door lock hundreds of times a day. It's the same with my blog login page. On Wordpress, there are two main potential vectors of bruteforce intrusion:

• http://my-site.com/wp-login.php, which is the login page
• http://my-site.com/xmlrpc.php, which is an API gateway for interacting with third party applications. This plugin adds one security layer in front of your login page, and by the way you can also disable XML-RPC with a simple checkbox if you don't need it (XML-RPC is a WIDELY used vector of attacks).

The idea is simple: you choose a pair of words, and when you want to access your login page, you just have to provide them in the URL like this: http://my-site.com/wp-login.php?word1=word2. That's all! If you try to access your login page without this pair of words, you get a configurable error message, where you can insult the attacker as much as you want ;)

1.5

• Let go the 'postpass' standard action (used when user types a password to open a protected post)

1.4

• Removed some php notices in the administration section.

1.1.1

• Bug correction. During refactoring, I misspelled the key name sanitization callback, and it could cause problems on some installations, such as key name field not stored.

1.1

• Added a new setting to redirect home instead of displaying an error message.

1.0

• First release