Cerber Security & Limit Login Attempts

Screenshots

Defends WordPress against brute force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests or using auth cookies. Restricts access with a Black IP Access List and a White IP Access List. Tracks user and intruder activity with powerful email, mobile and desktop notifications. Stop spam: activates reCAPTCHA for protecting registration and comments forms. Hardening WordPress. Features you will love Limit login attempts when logging in by IP address or entire subnet. Monitors logins made by login forms, XML-RPC requests or auth cookies. Permit or restrict access by White IP Access list and Black IP Access List with a single IP, IP range or subnet. Log all activities related to the logging in/out process. Cool notifications with powerful filters Hide wp-login.php, wp-signup.php and wp-register.php from possible attacks and return 404 HTTP Error. Hide wp-admin (dashboard) and return 404 HTTP Error when a user isn’t logged in. Create Custom login URL (rename wp-login.php). Immediately block IP or subnet when attempting to log in with non-existent or prohibited username. Disable WP REST API Disable XML-RPC (block access to the XML-RPC interface including Pingbacks and Trackbacks) Disable feeds (block access to the RSS, Atom and RDF feeds) Restrict access to XML-RPC, REST API and feeds by White IP Access list with IP or IP range. Disable automatic redirecting to login page. Stop user enumeration (block access to the pages like /?author=n) Proactively block IP subnet class C for intruder’s IP. Antispam: reCAPTCHA to protect WordPress register and comment forms. reCAPTCHA for WooCommerce & WordPress forms. Invisible reCAPTCHA for WordPress comments forms Citadel mode for massive brute force attack. Play nice with fail2ban: write failed attempts to the syslog or a custom log file. Filter out and inspect activities by IP address, user, username or a particular activity. Filter out activities and export them to a CSV file. Limit login attempts works on a site/server behind a reverse proxy. Notifications by email or mobile push notifications. Trigger and action for the jetFlow.io automation plugin. Limit login attempts done right By default, WordPress allows unlimited login attempts through the login form, XML-RPC or by sending special cookies. This allows passwords to be cracked with relative ease via brute force attack. WP Cerber blocks intruders by IP or subnet from making further attempts after a specified limit on retries is reached, making brute force attacks or distributed brute force attacks from botnets impossible. You will be able to create a Black IP Access List or White IP Access List to block or allow logins from a particular IP address, IP address range or a subnet any class (A,B,C). Moreover, you can create your Custom login page and forget about automatic attacks to the default wp-login.php, which takes your attention and consumes a lot of server resources. If an attacker tries to access wp-login.php they will be blocked and get a 404 Error response. Log, filter out and export activities WP Cerber tracks time, IP addresses and usernames for successful and failed login attempts, logins, logouts, password changes, blocked IP and actions taken by itself. You can export them to a CSV file. Limit login attempts reinvented You can hide WordPress dashboard (/wp-admin/) when a user isn’t logged in. If a user isn’t logged in and they attempt to access the dashboard by requesting /wp-admin/, WP Cerber will return a 404 Error. Massive botnet brute force attack? That’s no longer a problem. Citadel mode will automatically be activated for awhile and prevent your site from making further attempts to log in with any username. Antispam protection: invisible reCAPTCHA for WooCommerce WooCommerce login form WooCommerce register form WooCommerce lost password form Antispam protection: invisible reCAPTCHA for WordPress WordPress login form WordPress register form WordPress lost password form WordPress comment form Documentation & Tutorials How to set up notifications Push notifications with Pushbullet How to set up invisible reCAPTCHA for WooCommerce Changing default plugin messages Best alternatives to the Clef plugin Why reCAPTCHA does not protect WordPress from bots and brute-force attacks Translations Czech, thanks to Hrohh Deutsche, thanks to mario, Mike and Daniel Dutch, thanks to Bernardo Français, thanks to hardesfred Norwegian (Bokmål), thanks to Eirik Vorland Portuguese (Portugal), thanks to Helderk Portuguese (Brazil), thanks to Felipe Turcheti Polski, thanks to Wojciech Górski Spanish, thanks to Ismael Murias and leemon Український, thanks to Nadia �? усский, thanks to Yui Italian, thanks to Francesco Venuti Thanks to POEditor.com for helping to translate this project. There are some semi-similar security plugins you can check out: Login LockDown, Login Security Solution, BruteProtect, Ajax Login & Register, Lockdown WP Admin, BulletProof Security, SiteGuard WP Plugin, All In One WP Security & Firewall, Brute Force Login Protection Another reliable plugins from the trusted author Plugin Inspector reveals issues with installed plugins Checks plugins for deprecated WordPress functions, known security vulnerabilities, and some unsafe PHP functions Translate sites with Google Translate Widget Make your website instantly available in 90+ languages with Google Translate Widget. Add the power of Google automatic translations with one click. 1. If you want to test out plugin’s features, do this from another computer and remove that computer’s network from the White Access List. Cerber is smart enough to recognize “the boss”. 2. If you’ve set up the Custom login URL and you use some caching plugin like W3 Total Cache or WP Super Cache, you have to add a new Custom login URL to the list of pages not to cache. 3. Read this if your website is under CloudFlare Deutsche Schützt vor Ort gegen Brute-Force-Attacken. Umfassende Kontrolle der Benutzeraktivität. Beschränken Sie die Anzahl der Anmeldeversuche durch die Login-Formular, XML-RPC-Anfragen oder mit Auth-Cookies. Beschränken Sie den Zugriff mit Schwarz-Weiß-Zugriffsliste Zugriffsliste. Track Benutzer und Einbruch Aktivität. Français Protège site contre les attaques par force brute. Un contrôle complet de l’activité de l’utilisateur. Limiter le nombre de tentatives de connexion �? travers les demandes formulaire de connexion, XML-RPC ou en utilisant auth cookies. Restreindre l’accès �? la liste noire accès et blanc Liste d’accès. L’utilisateur de la piste et l’activité anti-intrusion. Український Захищає сай�? від а�?ак перебором. Обмеж�?е кількіс�?ь спроб входу через запи�?и ввій�?и форми, XML-RPC або за допомогою ав�?ориза�?? ії в печиво. Обмежи�?и дос�?уп з чорний список дос�?упу і список білий дос�?упу. Корис�?увач �?рек і охоронної діяльнос�?і. What does “Cerber” mean? Cerber is derived from the name Cerberus. In Greek and Roman mythology, Cerberus is a multi-headed dog with a serpent’s tail, a mane of snakes, and a lion’s claws. Nobody can bypass this angry dog. Now you can order WP Cerber to guard the entrance to your site too.