.htaccess Login block Plugin
Simple plugin to block login hijackers using apache and .htaccess. Simple and resource efficient way to protect your blog. Works with Apache from 1.
Every failed login is counted and if configurable threshold is hit, plugin will block access to wp-login.php in .htaccess, so
that hijackers won’t be able to try anymore and at the same time – won’t use server resources.
If the same IP keeps trying after first block has expired, it is possible to block it from accessing website completely.
Blocking visitor in .htaccess is the most simple and most resource friendly way of stopping webpage abuse and wasting server resources.
Since v0.6 plugin should also log and stop XML-RPC abusers.
Installation
- Install the plugin through the WordPress plugins screen directly.
- Activate the plugin through the ‘Plugins’ screen in WordPress, review settings.
Changelog
0.9a
0.99
- Added option to hide registered user exposure through JSON requests.
0.98
- Making plugin ready for WordPress 5.6 and PHP8.0
0.97
- Fixing small bug, when IP address can not be detected.
0.96
0.95
- Using correct way for modifying .htaccess using WP functions
0.94
- Minor fix for new line and .htaccess parsing
0.93
- Minor fix for valid-IP detection function.
0.92
- Small additional fixed for the bad IP entries.
0.91
- Fixed bug with unknown or invalid IP entries, that would break .htaccess
0.9
- Fixed bug with non-delisting IPs.
- Added code to cleanup old log entries, to reduce useless database usage.
0.8
0.7
- Bug fix for installations with big many blocked IPs
0.6
- Added support for XML-RPC login and abuse monitoring.
0.5
- Minor PHP strict standard fix.
0.3
0.2
0.1
- First version for testing on private sites.