=== Security & Firewall === Contributors: shagimuratov Requires at least: 3.0 Stable tag: 1.2 Tested up to: 4.6 Tags: login, bruteforce, login protection, wp-login, admin protection, admin security, brute force attack, brute force protection, brute force protection plugin, brute force protection script, brute force protection tool, brute force wp-admin, login brute force, login password, login protection, login security, password, password admin, password brute force, password bruteforce, password wp-admin, secure login, wordpress security, access, access control, wp-admin, security, secure License: GPLv2 License URI: http://www.gnu.org/licenses/gpl-2.0.html Security plugin protects WordPress against Brute force hacks. == Description == It adds a few seconds delay for any failed attempt to login to WordPress back-end. = Daily security report by email = Every day, the plugin sends a report to your email. The report provides data on the number of incorrect password entries and the IP addresses from which the tried to sign in. = Brute-force attacks = Brute-force attack is an exhaustive password search to get full access to an Administrator account. Passwords are not the hard part for hackers taking into account the quantity of sent password variants per second and the big amount of IP-addresses. Brute-force attack is one of the most dangerous attacks as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous. = Anti Brute-force security = The plugin is effective — it doesn't load the server, doesn't enquire the database and doesn't create any tables. It doesn't put anything in ".htaccess" as it could have a negative effect on your website accessibility or block the access to Administrator profile. The plugin takes optimal delay time between login attempts when a user corrects his credentials and tries to log in again. These seconds are more than enough for a user. If a user didn't make it in time — he can always retry and the delayed time will be nullified. It drops the effectiveness of brute-force attacks. A bot spends milliseconds to submit passwords, but the plugin allows to do it once in several seconds. If a bot needed a few months to find correct password, the protection prolongs the time to several years. = TODO = * Change time of Daily report to 10am. * Add a country to each IP address in the Daily report. * Add a malware scanner. == Screenshots == 1. The Daily security report. The report includes list of Brute-force attacks or failed logins and list of successful logins. == Changelog == = 1.2 September 2 2016 = * Added Daily security report. The report includes list of Brute-force attacks or failed logins and list of successful logins. = 1.1.1 August 29 2016 = * Removed some statement to debug the plugin. = 1.1 August 29 2016 = * Added 10 seconds delay for a failed attempt if more then 5 failed attempts have been made for past 1 hour. = 1.0.1 August 24 2016 = * Minor fix. = 1.0 August 19 2016 = * First release with anti brute force hacks protection.