Apocalypse Meow
Apocalypse Meow’s main focus is addressing WordPress security issues related to user accounts and logins. This includes things like: Brute-force login-in protection; Customizable password strength requirements; XML-RPC access controls; Account access alerts; Searchable access logs (including failed login attempts and temporary bans); User enumeration prevention; Registration SPAM protection; Miscellaneous Core and template options to make targeted hacks more difficult; Anonymize/scrub leaky remote request headers; Security is an admittedly technical subject, but Apocalypse Meow strives to help educate “normal” users about the nature of common web attacks, mitigation techniques, etc. Every option contains detailed explanations and links to external resources with additional information. Knowledge is power! Requirements Due to the advanced nature of some of the plugin features, there are a few additional server requirements beyond what WordPress itself requires: WordPress 4.4+. PHP 7.4 or later. PHP extensions: (bcmath or gmp), date, filter, json, pcre. CREATE and DROP MySQL grants. Single-site Installs (i.e. Multi-Site is not supported). Please note: it is not safe to run WordPress atop a version of PHP that has reached its End of Life. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂 Log Monitoring Some robots are so dumb they’ll continue trying to submit credentials even after the login form is replaced, wasting system resources and clogging up the log-in history table. One way to mitigate this is to use a server-side log-monitoring program like Fail2Ban or OSSEC to ban users via the firewall. Apocalypse Meow produces a 403 error when a banned user requests the login form. Your log-monitoring rule should therefore look for repeated 403 responses to wp-login.php. Additionally, some robots are unable to follow redirects; if your login form requires SSL, you should also ban repeated 301/302 responses to catch those fools. If you have enabled user enumeration protection with the die() option, requests for ?author=X will produce a 400 response code which can be similarly tracked. Privacy Policy When active, this plugin retains security logs of every sign-in attempt made to the CMS backend. This information — including the end user’s public IP address, username, and the status of his or her attempt — is used to help prevent unauthorized system access and maintain Quality of Service for all site visitors. This information resides fully on the hosting web site and is not shared with any third parties. Data retention is entirely up to the site operator, but by default old records are automatically removed after 90 days. Please note: Apocalypse Meow DOES NOT integrate with any WordPress GDPR “Personal Data” features. (Selective erasure of audit logs would undermine the security mechanisms provided by this plugin. Haha.)
Top keywords
- php6×1.27%
- user5×1.06%
- wordpress5×1.06%
- access4×0.85%
- apocalypse4×0.85%
- apocalypse meow4×0.85%
- login4×0.85%
- meow4×0.85%
- security4×0.85%
- form3×0.64%
- information3×0.64%
- login form3×0.64%
Melapress Login Security
COMPREHENSIVE WORDPRESS LOGIN SECURITY PLUGIN Melapress Login Security enables you to effortlessly set login security policies that put you firmly in the driver’s seat of your WordPress sites. Policies are highly customizable and granular and can be implemented by user role or site-wide for complete control over the security of your WordPress login processes. Use the free edition of Melapress Login Security to implement WordPress password requirements such as minimum length and complexity rules. The plugin also allows you to set password expiration policies, prevent password reuse, limit failed login attempts, and automatically disable inactive user accounts, among other things. This helps you: Prevent unauthorized login attempts Protect against brute force attacks Comply with GDPR with a login consent notice 🔐 Features list A secure WordPress login starts right here. Explore all of the features included with the free edition of Melapress Login Security: Set password policies Strong passwords are your first line of defense against bad actors looking to gain access to your site. Set password requirement policies to make sure users set strong passwords. Set policies by user role or site-wide and define policy priority for users with multiple roles. Set minimum password length Require uppercase and lowercase characters, numbers, and special characters Set an automatic password expiration policy and advise users when their password is about to expire Disallow users from reusing passwords Provide users with helpful instructions during the password configuration stage Disable password reset links Mandate WordPress password reset on the first login Limit login attempts Limit failed login attempts and put an end to brute force attacks. Protect your login form by automatically disabling user accounts after a number of failed login attempts. Choose between manual unlocking by an admin or automatic unlocking after a cooldown period. Temporary login without password Provide temporary and secure login access to third parties, like developers, editors, employees or others, without a password. It works by providing the user with a temporary login link that expires after a certain amount of time, or after a number of uses. This prevents you from having to create new user accounts manually, while simultaneously reducing the security risks associated with old, unused user accounts. Change WordPress login URL Easily deploy security-by-obscurity tactics and change your WordPress login page URL using a plugin! Hiding the default login page from hackers makes it more difficult to find, potentially reducing brute force attacks and other unauthorized access attempts. After you change the default wp-admin URL, you can set a 404 for the old login page or redirect it to any page of your choosing. Limit login page access by IP address(es) Limit access to the WordPress login page by IP address(es) for additional security. GDPR login page consent notice Easily meet GDPR requirements by adding a GDPR consent notice to the login page. This is required for GDPR and PCI DSS compliance, thus ensuring your WordPress site login page is in compliance. Emergency password reset Discovered suspicious behavior? Reset all users’ passwords with just one click and regain instant control. Upgrade to Melapress Login Security Premium and get even more benefits. The premium edition of Melapress Login Security comes bundled with even more features, which enable you to take your WordPress website login security to the next level. Disable inactive WordPress user accounts and force passwords to be reset once accounts have been unlocked. Inactive accounts can be managed within a single dashboard for increased efficiency and faster response times. Moreover, you can set accounts to be locked out after a number of failed login attempts and customize the duration and method of unlocking them. Premium features list Everything included in the free edition Manually lock user accounts to immediately prevent login access for rarely used accounts or users on extended leave Add an extra security layer with security questions users must answer when performing sensitive actions such as password resets and account unlocks Receive email alerts for unrecognized device logins, with the option to remotely terminate the session Control user session duration by extending or shortening session timeouts to balance security and convenience One-click integration with third-party plugins such as WooCommerce, LearnDash, MemberPress, and many others Automatically disable inactive WordPress users after a configurable period of inactivity Apply Geo-blocking rules to allow or block login access based on specific countries Restrict users’ login to specific IP addresses, including support for multiple allowed IPs Restrict WordPress user login times by day and/or hours Limit login credentials to email address, username, or both Add a GDPR consent notice to the WordPress login page View detailed user security reports, including last activity, password age, and expired passwords Receive weekly email summary reports covering password resets, password changes, user account lockouts, and more |💎 UPGRADE TO PREMIUM | Why you should use Melapress Login Security Melapress Login Security is a WordPress plugin built from the ground up to help you improve the security of your user accounts and secure your WordPress login. Supercharge login credentials for maximum effectiveness and put a stop to unlimited login attempts, weak passwords, and inactive users. Set up policies to reduce your attack surface area such as login times restrictions, change the WordPress login URL, and much more. Free and premium support Support for the free edition of Melapress Login Security is free on the WordPress support forums. Premium world-class support via one-to-one email is available to the Premium users – upgrade to premium to benefit from priority support. For any other queries, feedback, or if you simply want to get in touch with us, please use our contact form. MAINTAINED & SUPPORTED BY MELAPRESS Melapress builds high-quality WordPress security & admin plugins such as WP 2FA, Melapress Role Editor,and WP Activity Log, the #1 user-rated activity log plugin for WordPress. Visit our website to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users. Install the plugin from within WordPress Keeping a secure WordPress login page is easy with Melapress Login Security. Simply: From your WordPress dashboard, navigate to Plugins > Add New Search for “Melapress Login Security” Install & activate Melapress Login Security from your Plugins page Install the plugin manually (via file upload) Download the plugin from the WordPress plugins repository Unzip the zip file and upload the folder to the /wp-content/plugins/ directory Activate the Melapress Login Security plugin through the Plugins page in WordPress