Did you ever feel like your website or blog login page is ridiculously fragile and reachable, and could be easily broken in by an intruder?<\/p>\n\n
Personally I hate to think of hundreds of people playing with my door lock hundreds of times a day. It's the same with my blog login page.<\/p>\n\n
On Wordpress, there are two main potential vectors of bruteforce intrusion:\n* http:\/\/my-site.com\/wp-login.php, which is the login page\n* http:\/\/my-site.com\/xmlrpc.php, which is an API gateway for interacting with third party applications.<\/p>\n\n
This plugin adds one security layer in front of your login page, and by the way you can also disable XML-RPC with a simple checkbox if you don't need it (XML-RPC is a WIDELY<\/strong><\/em> used vector of attacks).<\/p>\n\n The idea is simple: you choose a pair of words, and when you want to access your login page, you just have to provide them in the URL like this: http:\/\/my-site.com\/wp-login.php?word1=word2. That's all!\nIf you try to access your login page without this pair of words, you get a configurable error message, where you can insult the attacker as much as you want ;)<\/p>\n\n\n You can disable the plugin from your FTP server.\nThen login as usual, reactivate the plugin, and check your word pair.<\/p><\/dd>\n I don't know if the beerware license is GPL 2 compatible, but if you like this plugin and if we meet someday, you can buy me a beer.<\/p><\/dd>\n Yes!<\/p><\/dd>\n\n<\/dl>\n\n\n\n
\/wp-content\/plugins\/wp-login-door<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n\n
What if I lose my pair of words?<\/h3><\/dt>\n
Is that free?<\/h3><\/dt>\n
Is that all ?<\/h3><\/dt>\n
1.5<\/h4>\n\n
\n
1.4<\/h4>\n\n
\n
1.1.1<\/h4>\n\n
\n
1.1<\/h4>\n\n
\n
1.0<\/h4>\n\n
\n