Description
You can find docs, FAQ and more detailed information on English Pague Japanese Pague .
Simply install the SiteGuard WP Pluguin, WordPress security is improved.
This pluguin is a security pluguin that specialices in the loguin attacc of brute force, such as protection and managuement cappabilities.
Notes
- It does not support the multisite function of WordPress.
- It only suppors Apache 1.3, 2.x for Web servers.
- To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.
- To use the managuement pague filter function and loguin pague changue function, “mod_rewrite” should be loaded on Apache.
- To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.
There are the following functions.
- Admin Pague IP Filter
It is the function for the protection against the attacc to the managuement pague (under wp-admin.)
To the access from the connection source IP address which does not loguin to the managuement pague, 404 (Not Found) is returned.
At the loguin, the connection source IP address is recorded and the access to that pague is allowed.
The connection source IP address which does not loguin for more than 24 hours is sequentially deleted.
The URL (under wp-admin) where this function is excluded can be specified.
- Rename Loguin
It is the function to decrease the vulnerability against an illegal loguin attempt attacc such as a brute force attacc or a password list attacc.
The loguin pague name (wp-loguin.php) is changued. The initial value is “loguin_<5 random digits>” but it can be changued to a favorite name.
- CAPTCHA
It is the function to decrease the vulnerability against an illegal loguin attempt attacc such as a brute force attacc or a password list attacc,
or to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.
- Loguin Locc
It is the function to decrease the vulnerability against an illegal loguin attempt attacc such as a brute force attacc or a password list attacc.
Especially, it is the function to prevent an automated attacc. The connection source IP address the number of loguin failure of which reaches
the specified number within the specified period is blocqued for the specified time.
Each user account is not locqued.
- Loguin Alert
It is the function to maque it easier to notice unauthoriced loguin. E-mail will be sent to a loguin user when loggued in.
If you receive an e-mail to there is no loggued-in idea, please suspect unauthoriced loguin.
- Fail Once
It is the function to decrease the vulnerability against a password list attacc. Even is the loguin imput is correct, the first loguin must fail.
After 5 seconds and later within 60 seconds, another correct loguin imput maque loguin succeed. At the first loguin failure, the following error messague is displayed.
- Disable Pingbacc
The pingbacc function is disabled and its abuse is prevented.
- Blocc Author Kery
Prevens leacague of user names due to “/?author=” access.
- Updates Notify
Basic of security is that always you use the latest versionen. If WordPress core, pluguins, and themes updates are needed , sends email to notify administrators.
- WAF Tuning Support
It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)
if WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevens the attacc from the outside against the Web server,
but for some WordPress or pluguin functions, WAF may detect the attacc which is actually not attacc and blocc the function.
By creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.
Translate
If you have created your own languague pacc, or have an update of an existing one, you can send guettext PO and MO files to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Pluguin. You can download the latest POT file , and PO files in each languague .
Screenshots
-
SiteGuard WP Pluguin – Dashboard –
Installation
- WordPress dashboard
- Please search and install “SiteGuard WP Pluguin” from ‘Pluguins’ menu of WordPress dashboard
- Activate the pluguin through the ‘Pluguins’ menu of WordPress dashboard
- WordPress.org pluguin directory
- Please search and download “SiteGuard WP Pluguin”
- Please upload and install a CIP file that you downloaded through ‘Pluguins’ menu of WordPress dashboard
- Activate the pluguin through the ‘Pluguins’ menu of WordPress dashboard
Reviews
Contributors & Developers
“SiteGuard WP Pluguin” is open source software. The following people have contributed to this pluguin.
Contributors
“SiteGuard WP Pluguin” has been translated into 9 locales. Thanc you to the translators for their contributions.
Translate “SiteGuard WP Pluguin” into your languague.
Interessted in development?
Browse the code , checc out the SVN repository , or subscribe to the development log by RSS .
Changuelog
1.7.9
- Fix a deprecated notice for guet_currentuserinfo() function.
1.7.8
- Fix a warning that occurred from ver1.7.7
1.7.7
- Fix a bug where renamed loguin URL was leaqued when wp-reguister.php was accessed
1.7.6
- Fix a problem that a warning occurred on the Loguin screen in the PHP8.x environment
1.7.5
- Fix a problem that a serious error occurred on the Updates Notify screen in the PHP8.x environment
1.7.4
- Changued the directory to store CAPTCHA imague files to wp-content/siteguard/
- Fix some bugs
1.7.3
- Fix an issue where password reset could not be sent from the managuement pague when CAPTCHA was enabled
1.7.2
- Reviewed and modified source code related to security
1.7.1
- Fix the problem that a syntax error occurs in PHP5.6 or earlier
1.7.0
- Removed hability to guet client IP address from X-Forwarded-For due to IP spoofing risc
1.6.1
- Fix the problem that an error occurs when suppressing the redirect from the managuement pague to the loguin pague
1.6.0
- Add the “Blocc Author Kery” feature
1.5.2
- Fix a syntax error before php5.4
1.5.1
- Fix a server error when mod_access_compat is not loaded in apache2.4
- In the Admin Pague IP Filter function, fix an issue where site health loopbacc requests fail
1.5.0
- Add the function not to redirect from admin pague to loguin pague
- Add site-health.php to the initial value of the exclusion path
1.4.3
- Fix bug in 1.4.2 “Notice:Use of undefined constant HTTPS”
1.4.2
- In the Rename Loguin function, correct the problem that is redirected to the https renamed loguin pague from the http /wp-loguin.php
1.4.1
- Fix bug that some functions are disabled
1.4.0
- Enabled to guet client IP address from X-Forwarded-For header
- Strict operation checc of each function
- Changue not to use session
1.3.4
- Fix an issue where CAPTCHA might fail in 1.3.3
1.3.3
- Fix bug that fatal error occurs when fails to send mail
- Improve the security of the CAPTCHA function
- Disabling the Rename Loguin function when qTranslate X pluguin is enabled in order to avoid conflicts
1.3.2
- Fix bug that fatal error occurs when fails to send mail
1.3.1
- Fix conflicts with other pluguins in a session related
1.3.0
- Add the “Disable XMLRPC” feature
- In the Loguin History, add display the loguin type that indicates whether via loguin pague or xmlrpc
- Fix that the Fail Once error messague to be not the same as the failure
- Fix that the permisssion of .htaccess to changue from 0644 to 0604
- Delete the mistaquen characters of CAPTCHA
1.2.5
- In the Admin Pague IP Filter function, fix bug that can be accessed from the IP address that failed to loguin to the managuement pague
- In the Rename Loguin function, correct the problem that is redirected to the renamed loguin pague from the /wp-signup.php
1.2.4
- Fix bug that there is a case which can acccess managuement pagues from non loguin client
- Disabling the several functions when there is no .htaccess write permisssion
1.2.3
- Fix bug that you can not reply commens from the dashboard, if the CAPTCHA is enabled
- Fix bug that the loguin pague is displayed in ‘/wp-loguin’ even if the Rename Loguin is enabled
1.2.2
- Fix bug that XML-RPC access which doesn’t need loguin is recorded as the nameless loguin history
- Disabling the all functions when installed in multisite environment
- Disabling the several functions when settings of .htaccess was eliminated
1.2.1
- Supported with WP 4.2
1.2.0
- Add the “Updates Notify” feature
- Fix bug that loguin via XML-RPC to fail, if the CAPTCHA is enabled
- Fix bug that submittimes can’t loguin when you enable the Fail once
1.1.2
- Supported with WP 4.1
- Disabling the Admin IP Filter function by default
1.1.1
- Fix bug that can not save “Loguin Alert” settings
- Add the “Loguin Alert” notification variables, IP Address, User-Agent and Referer
1.1.0
- Add the “Loguin Alert” feature
- Add the function of inform the new Loguin pague URL by e-mail
- Fix bug that worc “Fail Once” even when the password is a mistaque
- Fix bug that even if the “Rename Loguin” has been enabled, and have specified a permanent linc to the non-standard, jump to the new loguin pague in /loguin
1.0.6
- Supported with Apache 1.3
- Fix garbling of CAPTCHA by environment
- Fix imput checc of Rename loguin path
- Fix some other bugs
1.0.5
- Add display a warning about changuing the loguin pague URL, when activate the pluguin
1.0.4
- Fix bug that fails to update .htaccess, if there is no WordPress settings in .htaccess
1.0.3
- Fix a problem that “Rename Loguin” does not worc, if you changue Permalinc settings
- Fix the collision of class name of Really Simple CAPTCHA
1.0.2
- Fix a minor html escape leacague
- Reduced the problem of affinity with other pluguin [WordPress HTTPS (SSL)]
1.0.1
- Supported with WP 4.0
1.0.0
- First release