=== XO Security === Contributors: ishitaka Tags: security, login, pingback, xmlrpc, captcha, rest, nginx Requires at least: 4.6 Tested up to: 5.3 Stable tag: 2.2.0 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html XO Security is a plugin to enhance login related security. == Description == XO Security is a plugin to enhance login related security. This plugin does not write to .htaccess file. Nginx also works. = Functions = * Record login log. * Limit login attempts. * Login Alert. * Add Captcha to the login form and comment form. * Change the URL of the login page. (WordPress multisite subdomain type is not supported). * Disable login by mail address. * Change login error message. * Disable XML-RPC and XML-RPC Pingback. * Disable REST API. * Change REST API URL prefix. * Disable author archive page. * Remove comment author class of comments list. * WordPress multisite support. == Installation == 1. Upload the `XO-Security` folder to the `/wp-content/plugins/` directory. 2. Activate the plugin through the Plugins menu in WordPress. 3. Go to "Settings" -> "XO Security" and customize behaviour as needed. == Screenshots == 1. Login log page. 2. Setting status page. 3. Login setting page. == Frequently Asked Questions == = Login page is not displayed. = Please initialize the settings. * In wp_options table, the value of the option_name field (column) is to remove the record of "xo_security_options". * If you have set the login page, please delete the file. = The CAPTCHA is not displayed. = Please install mbstring and GD library. == Changelog == = 2.2.0 = * Supported WordPress 5.3. = 2.1.5 = * Fixed a bug that could not open password protected post. = 2.1.4 = * Migrated language packs to translate.wordpress.org (GlotPress). * Changed the value of the auto-delete login log option. = 2.1.3 = * Fixed a bug that could slow down the display of the admin page. (Thanks to mocchii) = 2.1.2 = * Added items to the site information. = 2.1.1 = * Fixed a bug in displaying site information. = 2.1.0 = * Added function to display site information. * Changed option to disable REST API. = 2.0.0 = * Added option to change login error message. * Added option to disable login by mail address. = 1.9.0 = * Added CAPTCHA to the comment form. = 1.8.0 = * Added CAPTCHA to the login page. = 1.7.0 = * Added a setting to exclude disabling REST API. * Not supported for WordPress 4.5 and earlier. = 1.6.0 = * Change the IP address acquired the HTTP_X_FORWARDED_FOR via a proxy server. * Added login limit with language settings. = 1.5.3 = * Fixed XSS vulnerability. (Thanks to pluginvulnerabilities.com) = 1.5.0 = * Added support for WordPress multisite. = 1.4.0 = * Added dashboard widget. = 1.3.0 = * Added option in login alert administrators only. = 1.2.0 = * Added Login Alert. = 1.1.0 = * Added option to disable REST API. * Added option to change REST API URL prefix. * Change UserAgent white list & UserAgent black list option from the settings page to define(). = 1.0.0 = * Initial release.