Mô tả
Sovaryx Login Security strengthens your WordPress site’s login security while staying lightweight and easy to operate.
Key Features
- Dashboard – Security score display with quick overview of your site’s security status
- Security Headers Scan – HTTP header validation and security recommendations
- REST API Scan – Comprehensive API endpoint security verification (18 checks)
- Login Security – Multi-layer login protection including brute force protection (enabled by default), IP restrictions with trusted proxy support, XML-RPC disable option, reCAPTCHA, Email OTP authentication with IP-based rate limiting, and threat intelligence integration
- API Protection – REST API rate limiting and user enumeration prevention
Highlights
- Lightweight design – Minimal impact on site performance
- Multi-language support – English and Japanese
- Plugin conflict detection – Automatic detection and warnings
System Requirements
- WordPress 6.0 or higher
- PHP 7.4 or higher
- MySQL 5.7+ / MariaDB 10.2+
External Services
This plugin connects to external services for certain features. Below is a description of each service, what data is sent, and when.
Google reCAPTCHA (Optional)
When you enable reCAPTCHA protection for the login page, this plugin loads Google reCAPTCHA scripts and sends verification requests.
- Service Provider: Google LLC
- What it is used for: Protecting the login page from automated bots and brute force attacks
- Data sent: User IP address, browser information, and interaction data for bot detection
- When data is sent: When the login page is loaded and when a login form is submitted
- Terms of Service: https://policies.google.com/terms
- Privacy Policy: https://policies.google.com/privacy
Threat Intelligence Services (Optional)
When threat intelligence features are enabled in Login Security settings, the plugin queries external threat databases to check visitor IP addresses for malicious activity. This helps protect your login page from known attackers.
Spamhaus
* What it is used for: Checking if an IP is listed in spam/threat databases
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Website: https://www.spamhaus.org
* Terms: https://www.spamhaus.org/legal/
AbuseIPDB
* What it is used for: Checking IP abuse reports
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.abuseipdb.com/legal
* Privacy Policy: https://www.abuseipdb.com/privacy
Project Honey Pot
* What it is used for: Identifying harvesters, spammers, and malicious bots
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Website: https://www.projecthoneypot.org
* Terms: https://www.projecthoneypot.org/terms_of_service_use.php
Cloudflare Radar
* What it is used for: Checking if an IP address is associated with malware, botnets, phishing, or spam
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.cloudflare.com/terms/
* Privacy Policy: https://www.cloudflare.com/privacypolicy/
IP2Location / IP2Proxy
* What it is used for: Detecting proxy, VPN, and Tor connections from visitor IP addresses
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.ip2location.com/terms
* Privacy Policy: https://www.ip2location.com/privacy-policy
Cài đặt
- Upload the
sovaryx-login-securityfolder to the/wp-content/plugins/directory - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Sovaryx Login Security in the admin menu to configure security features
Hỏi đáp
-
What features are included?
-
Sovaryx Login Security includes:
– Security score dashboard
– Security headers scan with recommendations
– REST API security scan (18 checks)
– Login security (brute force protection, IP restrictions, reCAPTCHA, Email OTP with default templates)
– Threat intelligence integration (Spamhaus, AbuseIPDB, Project Honey Pot)
– API protection (rate limiting, user enumeration prevention) -
Can I use this with other security plugins?
-
Yes. However, if features overlap with other security plugins (such as custom login URL or brute force protection), the plugin will automatically detect and display a warning. We recommend disabling overlapping features in one of the plugins to avoid conflicts.
-
Does this affect site performance?
-
Sovaryx Login Security is designed to be lightweight. Scans are run on-demand, so they don’t affect normal page loads.
-
Will I be locked out if I deactivate the plugin?
-
No. When the plugin is deactivated, security features like IP restrictions are also disabled automatically. You can log in normally. Settings are restored when the plugin is reactivated.
Đánh giá
Không có đánh giá nào cho plugin này.
Người đóng góp & Lập trình viên
“Sovaryx Login Security” là mã nguồn mở. Những người sau đã đóng góp vào plugin này.
Những người đóng góp
Dịch “Sovaryx Login Security” sang ngôn ngữ của bạn.
Muốn tham gia phát triển?
Duyệt code, check out SVN repository, hoặc theo dõi nhật ký phát triển qua RSS.
Nhật ký thay đổi
1.0.1
- Security hardening: trusted proxy IP detection, brute force enabled by default, XML-RPC disable option, OTP IP-based rate limiting, timing-safe OTP verification
- Code quality improvements and cleanup
- Tested up to WordPress 7.0
1.0.0
- Initial release