Limit the number of login attempts through the login form, XML-RPC requests or using auth cookies. Restrict access with Black Access List and White Access List. Track user and intruder activity.
=How does WP Cerber protect sites?=
By default WordPress allows unlimited login attempts either through the login form or by sending special cookies. This allows passwords to be cracked with relative ease via brute force attack.
WP Cerber blocks intruders by IP or subnet from making further attempts after a specified limit on retries is reached, making brute force attacks or distributed brute force attacks from botnet impossible.
You will be able to create a Black Access List or White Access List to block or allow logins from particular IP.
Moreover, you can create your custom login page and forget about automatic attacks to the default wp-login.php, which takes your attention and consumes a lot of server resources. If an attacker tries to access wp-login.php they will get a 404 Error response.
WP Cerber tracks time, IP addresses and usernames for successful and failed login attempts, logins, logouts, password changes, blocked IP and actions taken by itself.
You can hide WordPress dashboard (/wp-admin/) when a user isn't logged in. If a user isn't logged in and they attempt to access the dashboard by requesting /wp-admin/, WP Cerber will return a 404 Error.
Massive botnet brute force attack? That's no longer a problem. Citadel mode will automatically be activated for awhile and prevent your site from making further attempts to log in with any username.
Features you'll love
- Limit login attempts when logging in by IP address or subnet Class C.
- Monitors logins made by login forms, XML-RPC requests or auth cookies.
- Permit or restrict logins by White Access list and Black Access List with IP or subnet.
- Log all activities related to the logging in/out process.
- Hide wp-login.php from possible attacks and return 404 HTTP Error.
- Hide wp-admin (dashboard) and return 404 HTTP Error when a user isn't logged in.
- Make custom URL for logging in (rename wp-login.php).
- Disable automatic redirecting to login page.
- Proactively block IP subnet class C for intruder's IP.
- Immediately block IP or subnet when attempting to log in with non-existent username.
- Citadel mode for massive/slow brute force attack.
- View and filter out activities list by IP, username or particular event.
- Handles site/server behind reverse proxy.
- Optional admin notification by email.
- Ready for fail2ban HTTP headers.
- WP Cerber doesn't rely on any external service (unlike other similar plugins) and doesn't send any data outside to work.
Translations
- English
- German, thanks to mario
- French, thanks to hardesfred
- Russian
I am passionate about building a great solutions so, please, write your review or even give a five-star rating here.
Have a question? Get help here!
Do you have a suggestion? Help us improve WP Cerber!
There are semi-similar security plugins: Login LockDown, Login Security Solution, BruteProtect, Ajax Login & Register, Lockdown WP Admin, BulletProof Security, SiteGuard WP Plugin, All In One WP Security & Firewall
P.S. Check out my new Google Translate Widget