跳至主要內容
WordPress.org

Taiwan 正體中文

  • 佈景主題目錄
  • 外掛目錄
  • 最新消息
  • 技術支援
  • 關於我們
  • 團隊
  • 取得 WordPress
取得 WordPress
WordPress.org

Plugin Directory

eSherpa Login Guard

  • 提交外掛
  • 我的最愛
  • 登入
  • 提交外掛
  • 我的最愛
  • 登入

eSherpa Login Guard

由 Ralf Naumann 開發
下載
  • 詳細資料
  • 使用者評論
  • 安裝方式
  • 開發資訊
技術支援

外掛說明

eSherpa Login Guard effectively and intelligently protects your WordPress site from brute-force attacks – Swiss precision, completely without external dependencies.

Key Features:

  • Progressive lockout durations: Lockout time automatically doubles on repeat offenses (e.g., 15 → 30 → 60 → 120 minutes).
  • Immediate lockout for defined “protected” usernames (e.g., “admin”, “test”) – independent of the normal counter.
  • Clear countdown display and “X attempts remaining” notice on the login page.
  • Live alarm in the admin overview for new failed attempts (automatic refresh).
  • Red badge in the admin menu when IPs are actively locked.
  • Detailed logs: Failed attempts with attempted username + successful logins/logouts.
  • XML-RPC Honeypot: When XML-RPC is disabled, a fake user list is returned – attackers try these names and immediately trigger lockout.
  • Block REST API user endpoint (/wp-json/wp/v2/users hidden).
  • Redirect author archives (prevent ?author=1).
  • Privacy-compliant: IPs stored only as anonymized hashes.
  • Automatic cleanup of old failed attempts (configurable).
  • Email notification to admin on attacks against existing users.

Developed in Switzerland – fast, clean, performant, and multilingual ready.

Compatible with WordPress 6.9 and PHP 8.3.

螢幕擷圖

  • Lockout message with large countdown and plugin credit
  • Early warning on login page with remaining attempts
  • Admin overview with currently locked IPs, live alarm, and unblock option
  • Detailed logs of failed attempts (including attempted username)
  • Successful logins & logouts in separate view

安裝方式

  1. Search for the plugin in “Plugins → Add New” or upload and activate.
  2. Optional: Adjust settings under “Login Guard” in the admin menu (e.g., max failed attempts, base lockout time, protected usernames).
  3. Done – protection runs automatically.

常見問題集

How are IPs stored?

Only as anonymized MD5 hashes – no plain-text IPs in the database (GDPR-compliant).

Can I manually unblock IPs?

Yes – directly in the admin overview with one click (counter is reset).

Does it work with caching plugins?

Yes – protection hooks early on wp-login.php, before caching.

What happens on successful login?

All counters and locks for that IP are immediately cleared.

Can I still use XML-RPC?

Yes – simply disable the option. When enabled, XML-RPC is fully disabled and a honeypot is activated.

使用者評論

這個外掛目前沒有任何使用者評論。

參與者及開發者

以下人員參與了開源軟體〈eSherpa Login Guard〉的開發相關工作。

參與者
  • Ralf Naumann

將〈eSherpa Login Guard〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄。

變更記錄

2.5.4

  • Fix: Immediate lockout for protected usernames (honeypot usernames) was setting back attemts and multipliers
  • Sort by IP -> Better overview for single IP hashs.
  • Improved design for mobile

2.5.1

  • Immediate lockout for protected usernames (honeypot usernames)
  • Live alarm for new failed attempts on admin page
  • Email notification on attacks against existing users
  • Extended XML-RPC honeypot with configurable fake users
  • Automatic cleanup of old failed attempts
  • Improved design and many detail enhancements

2.1.1

  • Full multilingual support (DE/EN/FR/IT)
  • Confirmed compatibility with WordPress 6.9 and PHP 8.3
  • Minor optimizations

2.0

  • Introduced progressive lockout times
  • Admin menu with red badge for active locks
  • Improved user guidance

1.0

  • Initial stable release

中繼資料

  • 版本 2.5.4
  • 最後更新 1 個月前
  • 啟用安裝數 少於 10 次
  • WordPress 版本需求 5.6 或更新版本
  • 已測試相容的 WordPress 版本 6.9.1
  • PHP 版本需求 7.4 或更新版本
  • 語言
    English (US)
  • 標籤
    brute force protectionlogin securitysecurity
  • 進階檢視

評分

這個項目尚無任何評論記錄。

新增使用者評論

查看全部使用者評論

參與者

  • Ralf Naumann

技術支援

使用者可在技術支援論壇提出意見反應或使用問題。

檢視技術支援論壇

  • 關於我們
  • 最新消息
  • 主機代管
  • 隱私權
  • 展示網站
  • 佈景主題目錄
  • 外掛目錄
  • 區塊版面配置目錄
  • Learn
  • 技術支援
  • 開發者資源
  • WordPress.tv ↗
  • 共同參與
  • 活動
  • 贊助基金會 ↗
  • Five for the Future
  • WordPress.com ↗
  • Matt ↗
  • bbPress ↗
  • BuddyPress ↗
WordPress.org
WordPress.org

Taiwan 正體中文

  • 查看我們的 X (之前的 Twitter) 帳號
  • Visit our Bluesky account
  • 造訪我們的 Mastodon 帳號
  • Visit our Threads account
  • 造訪我們的 Facebook 粉絲專頁
  • Visit our Instagram account
  • Visit our LinkedIn account
  • Visit our TikTok account
  • Visit our YouTube channel
  • Visit our Tumblr account
程式碼,如詩