Loginizer Security Pro v1.6.7

Loginizer is a WordPress plugin that helps you fight brute force attacks by limiting login attempts after an IP has reached the maximum number of retries allowed.Loginizer allows you to filter or whitelist logged in IP addresses.Additional security features, such as two-factor authentication, reCAPTCHA, and passwordless login, can be used to increase the security of your website.

Over 1,000,000 WordPress sites actively use Loginizer.

Our official documentation can be found at https://loginizer.com/docs. If you are a free user, we are also active in the community help forum on wordpress. organization.https://loginizer.dekuss.com ist unser Premium-Support-Ticketsystem.

Features: Loginizer Security Pro

Free features:

  • Protection from brute force. IPs that attempt to brute force your website will be blacklisted for 15 minutes after 3 failed login attempts.After multiple lockouts, IP addresses will be restricted for 24 hours. This is the default setting and can be adjusted in the Loginizer -> Brute Force page of the WordPress admin panel.
  • Log of failed login attempts.
  • IP on the blacklist
  • Whitelist IPs
  • You can create your own error message when a login attempt fails.
  • Check permissions on essential files and folders.

Professional Features:

  • MD5 checksums of WordPress core files Admins can also check and ignore files.
  • Passwordless Login - When logging in, a username/email address will be requested and an email with a temporary login link will be provided to the account's email address.
  • Email-Based Two-Factor Authentication - An email will be sent to the account's email address containing a temporary 6-digit number to complete the login process.
  • Two-Factor Authentication via App - Users can set up accounts using 2FA apps like Google Authenticator or Authy.
  • Login Challenge Questions - As an extra layer of security, users can create challenge questions and answers.After logging in, the user will be prompted to answer questions to complete the process.
  • reCAPTCHA - To avoid automated brute force attacks, Google's reCAPTCHA v3/v2 can be configured for login pages, comment sections, registration forms, etc. Also works with WooCommerce.
  • Rename login page - To prevent automated brute force attacks, administrators can rename the login URL (slug) to something other than wp-login. php.
  • Rename wp-admin URL - wp-admin URL is used to access WordPress admin section. You can use the login to change it to whatever you want, such as site admin.
  • If rename login with privacy is enabled, all login URLs will still point to wp-login. php, the user has to enter a new login in the browser to access it.
  • Disable XML-RPC - In WordPress, you can simply disable XML-RPC. Most WordPress users don't need XML-RPC and can turn it off to prevent automated brute force attacks.
  • Change XML-RPC - To prevent automated brute force attacks, administrators can rename XML-RPC to something other than xmlrpc. php.
  • Attackers typically use usernames such as admin, administrator, or a variation of your domain/company name.You can specify such a username here and Loginizer will automatically blacklist any client that tries to use it.
  • Newly Registered Domains Blacklist - If you want to block new registrations for a specific domain, you can use this tool.
  • Change Admin Username - Admins can change the admin username to something more difficult to remember.
  • Automatically blacklist IPs - IP addresses will be automatically blacklisted if a malicious bot or user logs in with an administrator saved username.
  • Pingbacks Disabled - A simple technique to disable pingbacks.

The logger has the following functions:

  • After the maximum number of retries allowed, the IP address will be blocked.
  • Extend the lockout after the maximum number of lockouts allowed.
  • After reaching the maximum number of locks, send an email to the administrator.
  • IP / IP range blacklist
  • IP / IP series whitelist
  • Check the log of failed attempts.
  • Create IP ranges.
  • The IP range should be removed.
  • LGPLv2.1 is the license.
  • Safe and reliable

Changelog: Loginizer Security Pro

1) [Fix] After Interim Login due to session timeout, the popup for login was not closed. This is fixed now.
2) [Fix] reCAPTCHA was not working on registration page with BuddyPress plugin. This is fixed now.

[Task] Tested up to: WordPress 5.2.0

[Task] Tested up to: WordPress 5.0.2

[Feature] Made Loginizer BuddyPress compatible.
[Bug Fix] There is an XSS bug introduced in version 1.3.8. This is fixed. Please upgrade ASAP.

[Feature] Added an option to Enable / Disable Brute Force checks.
[Feature] Added the feature to log the URL of the page from which the brute force attempt is being made.

[Feature] Added an option to Delete the entire Blacklist / Whitelist IP Ranges.
[Feature] Custom IP Header added as an option for detecting the IP as per the Proxy settings of a server.
[Bug Fix] In WooCommerce the number of login retries left was not being shown. This is fixed.

[Bug Fix] Blacklist and Whitelist IPs were not being deleted. This is fixed.

[Feature] Pagination added to the Blacklist and Whitelist IPs
[Bug Fix] SQL Injection fix for X-Forwarded-For. This is fixed. Vulnerability was found by Jonas Lejon of WPScans.com
[Bug Fix] There was a missing referrer check in Blacklist and Whitelist IP Wizard. This is fixed.

[Feature] Added a wizard for admins to set their own language strings for Brute Force messages
[Bug Fix] Twitter box shown in Loginizer was not accessed over HTTPS.

[Bug Fix] Fixed the BigInteger Class for PHP 7 compatibility.

[Feature] IPv6 support has been added.
[Feature] The last attempted username will now be shown in the Login Logs.
[Bug Fix] The documentation in the plugin was pointing to a wrong link. This is now fixed.

[Feature] Added option to choose between REMOTE_ADDR, HTTP_CLIENT_IP and HTTP_X_FORWARDED for websites behind a proxy
[Task] The news.js will now be loaded from HTTPS servers

[Feature] The Login attempt logs will now be shown as per the last attempt TIME and in Descending Order
[Feature] Added an option to Reset the Login attempts for all or specific IPs

[Feature] Added pagination in the Brute Force Logs Wizard
[Bug Fix] Disabling and Re-Enabling Loginizer caused an SQL error

[Task] The brute force logs will now be sorted as per the time of failed login attemps
[Bug Fix] Dashboard showed wrong permissions if wp-content path had been changed
[Bug Fix] Added Directory path to include files which caused issues with some plugins

[Bug Fix] Added ABSPATH instead of get_home_path()

[Feature] New Dashboard
[Feature] System Information added in the new Dashboard
[Feature] File Permissions added in the new Dashboard
[Feature] New UI
[Bug Fix] Fixed bug to add IP Range from –
[Bug Fix] Removed /e from preg_replace causing warnings in PHP

Fixed Extended Lockout bug
Fixed Lockout bug
Handle login attempts via XML-RPC

Database structure changes to make the plugin work faster
Minor fixes

Blocks IP after maximum retries allowed
Extended Lockout after maximum lockouts allowed
Email notification to admin after max lockouts
Blacklist IP/IP range
Whitelist IP/IP range
Check logs of failed attempts
Create IP ranges
Delete IP ranges
Licensed under GNU GPL version 3
Safe & Secure