Secured WP

描述

Adds layer of security for your WordPress site. Adds custom login page slug, enables 2FA, removes security issues. Adds remember device, counts login attempts and lock usernames if the password is wrong. Out of band e-mail is also supported – instead of entering codes, your user can use simple login link from within their e-mail client.

WooCommerce

WooCommerce is also supported for 2FA, just enable the plugin and all your customers will be asked to enable two-factor authentication.

List with currently supported features:

1. Login redirection – redirects the default wp-login.php to a slug of your choice
2. Login attempts – counts the unsuccessful attempts, and locks user if there are too many
3. 2FA settings – gives the ability to use two factor authentication and Out Of Band email link
4. Remember devices – current device could be remembered for given amount of days and user wont be asked to login again before that
5. Removes XML-RPC from your WordPress site
6. Custom shortcode ([wps_custom_settings]) can be used to give the users without access to the dashboard to setup the 2FA

Login Redirection

You can change the default wp-login.php to slug of your choice. That will prevent most common hacker attacks and will harden your WordPress installation. You can redirect the original wp-login.php to the slug of your choice.

2FA login

Enable two-factor authentication for your WordPress site, and to enforce your website users, or some of them to use 2FA. Next time user logins s/he will be asked to enable the 2FA using their favorite application. Once the process is completed, every time the user logs, s/he will be asked to provide the 2FA code.

Login Attempts

This gives you the ability to prevent brute force attacks if the hacker knows the username and tries to guess the password. With this enabled, after the given amount of tries that specific user will be marked as locked, and any further attempt to use that username for login will be postponed for given amount of time.

Remember device setting

With that, user can use given device for the given amount of days without being asked to reenter the username/pass. The devices can be removed or checked from the default user settings page.
That setting is based on current setting (global) for the current moment, which means that when the day value (in settings) is changed globally, that wont reflect the already set cookies and user devices.
Example: If you set that to 10 days and there is a user which decide to use Remember Device functionality, when you change that value to 15 days, that wont increase the time for that user. Same applies for decreasing the value.