=== Security & Firewall by CleanTalk ===
Contributors: shagimuratov
Requires at least: 3.0
Stable tag: 1.3
Tested up to: 4.6
Tags: login, bruteforce, login protection, brute force attack, brute force protection, login security, password, password admin, password bruteforce, security, secure, firewall
License: GPLv2
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Security plugin protects WordPress against Brute force hacks. Security reports to admin email.

== Description ==

It adds a few seconds delay for any failed attempt to log in to the WordPress back-end.

= Daily security report by email =

Every day, the plugin sends a report to your email. The report provides data on the number of incorrect password entries and the IP addresses from which they tried to sign in.

= Brute force attacks =

A brute force attack is an exhaustive password search aimed at getting full access to an Administrator account. Passwords are not a hard obstacle for attackers, given the number of password variants they can send per second and the large number of IP addresses they use.

A brute force attack is one of the most dangerous attacks, because an intruder gets full access to your website and can change your code. The consequences of such a break-in can be severe: your website could be added to a botnet and take part in attacks on other websites, or it could be used to host hidden links or automatic redirects to a suspicious website. The consequences for your website's reputation can be just as severe.

= Anti Brute force security =

The plugin is lightweight: it doesn't load the server, doesn't query the database and doesn't create any tables. It doesn't put anything in ".htaccess", as that could have a negative effect on your website's accessibility or block access to the Administrator profile.

The plugin sets the delay between login attempts to match the time a user needs to correct their credentials and try to log in again. These seconds are more than enough for a user. If a user didn't make it in time, they can always retry and the delay will be nullified.

This reduces the effectiveness of brute-force attacks. A bot needs only milliseconds to submit a password, but the plugin allows one attempt every several seconds. If a bot needed a few months to find the correct password, the protection prolongs that time to several years.

= TODO =

* Change time of Daily report to 10am.
* Add a country to each IP address in the Daily report.
* Add a malware scanner.
* Fix issue with 'Fatal error: Uncaught exception 'phpmailerException' with message 'Invalid address: wordpress@*.org''

== Screenshots ==

1. The Daily security report. The report includes a list of Brute force attacks or failed logins and a list of successful logins.
2. Brute-force attacks log. The log includes a list of attacks for the past 24 hours and shows only the last 20 records. To see the full report please check the Daily security report in your Inbox (bond@cleantalk.org).

== Changelog ==

= 1.3 September 20 2016 =
* Added a log of the last 20 events (login, logout, auth failed, etc.) in the WordPress backend to the plugin settings.
* Added a WP cron call for every auth_failed event. This fix has been made to avoid the issue with missed Daily security reports on low-traffic web sites.

= 1.2.3 September 14 2016 =
* Added a country name in the Daily report for each IP address in the list of Brute-Force attacks.
* Minor changes to the WP Cron integration.

= 1.2.1 September 5 2016 =
* Fixed an issue with the Daily security report. The previous version (1.2) didn't send the report.

= 1.2 September 2 2016 =
* Added the Daily security report. The report includes a list of Brute-force attacks or failed logins and a list of successful logins.

= 1.1.1 August 29 2016 =
* Removed some statements used to debug the plugin.

= 1.1 August 29 2016 =
* Added a 10 seconds delay for a failed attempt if more than 5 failed attempts have been made in the past 1 hour.

= 1.0.1 August 24 2016 =
* Minor fix.

= 1.0 August 19 2016 =
* First release with anti brute force hacks protection.

== Upgrade Notice ==

= 1.3 September 20 2016 =
* Added a log of the last 20 events (login, logout, auth failed, etc.) in the WordPress backend to the plugin settings.
* Added a WP cron call for every auth_failed event. This fix has been made to avoid the issue with missed Daily security reports on low-traffic web sites.

= 1.2.1 September 5 2016 =
* Fixed an issue with the Daily security report. The previous version didn't send the report.
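
The delay rule from the Description and the 1.1 changelog entry (a few seconds per failed attempt, 10 seconds once more than 5 failures fall within the past hour), written out as an added PHP example; this is not the plugin's code. The 3-second base delay, counting per IP address, the function name and the in-memory storage are assumptions, since the readme does not specify them.

```php
<?php
// Added illustration, not CleanTalk's code.
const BASE_DELAY      = 3;    // assumed: the readme only says "a few seconds"
const ESCALATED_DELAY = 10;   // from the 1.1 changelog entry
const MAX_FAILURES    = 5;    // escalate when more than 5 failures...
const WINDOW_SECONDS  = 3600; // ...fall within the past 1 hour

/**
 * Record a failed login for $ip at time $now and return the delay in seconds
 * to impose before the next attempt. $failures maps IP => failure timestamps.
 * It lives in memory here (assumption); a real site needs storage that is
 * shared across requests. Keying by IP address is also an assumption.
 */
function register_failure(array &$failures, string $ip, int $now): int
{
    $cutoff = $now - WINDOW_SECONDS;
    // Sliding window: keep only failures from the past hour, then add this one.
    $recent = array_values(array_filter(
        $failures[$ip] ?? [],
        fn (int $t): bool => $t > $cutoff
    ));
    $recent[] = $now;
    $failures[$ip] = $recent;

    return count($recent) > MAX_FAILURES ? ESCALATED_DELAY : BASE_DELAY;
}

// Constructed sample: one address (documentation range) fails 8 times in a row.
$failures = [];
$start    = 1474358400; // constructed timestamp
$elapsed  = 0;
for ($i = 1; $i <= 8; $i++) {
    $delay = register_failure($failures, '203.0.113.7', $start + $elapsed);
    printf("attempt %d at +%2ds: delay %2ds\n", $i, $elapsed, $delay);
    $elapsed += $delay; // the next guess cannot be submitted before the delay ends
}

// A second constructed address has its own counter and starts at the base delay.
$other = register_failure($failures, '198.51.100.9', $start + $elapsed);
printf("other address: delay %ds\n", $other);

// Failures older than the window no longer count: two hours later the first
// address is back to the base delay.
$later = register_failure($failures, '203.0.113.7', $start + 7200);
printf("first address after 2h: delay %ds\n", $later);
```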