Perform a MD5 checksum for CORE files of your website to know if someone changed anything or added malicious code in it.reCAPTCHA protects your website from fraud and abuse using complex challenges to block malicious activities on website.Apply a challenge question on the login page so no one without that information can log into your website.Completely disable login with password. Just enter the username/email, you will receive an email with the link to login.Add a two-step security layer for login. Configure a two-factor authentication via email for secure login.Configure a two-factor authentication via mobile or authenticator apps for secure login.You can change the wp-login.php link to a custom one so only you know the login link and no one else will be able to login.Disable pingbacks so the users can't pingback your website and are safe from a DDOS attack.Disable/Rename the XML-RPC and prevent brute force on the xmlrpc.php page which is open by default in WordPress.
Changelog * [Feature] Block Page, now instead of showing error on the Login page of user being blacklisted, you can just show a page with error, reducing the resource being used to show the error. * [Feature] Email notification on successful login and you can enforce this on your users too. * [Pro Feature] Added Cloudflare Turnstile, and hCaptcha. * [Task] Tested with WordPress 6.5.
TO MAC USERS: If RAR password doesn't work, use this archive program:
RAR Expander 0.8.5 Beta 4 and extract password protected files without error.
TO WIN USERS: If RAR password doesn't work, use this archive program:
Latest Winrar and extract password protected files without error.
envator |
