CloudSecure WP Security

Description

This reliable, Japanese-made plugin protects your WordPress admin panel and login URL from cyberattacks.
With simple setup, you can protect your WordPress installation from unauthorized access and logins, improving security.
You can also customize each feature’s enable/disable (ON/OFF) and settings to your liking, allowing you to manage your protection at any time.

For more detailed information, including documentation and FAQs, please click here.

This plugin does not support WordPress multisite functionality.
It is only compatible with Apache 1.3 and 2.x web servers.
To use the image authentication feature, you must install the PHP extension library “gd.”
To use the admin panel access restriction feature and login URL change feature, you must load “mod_rewrite” in Apache.
This plugin’s features are as follows:

Login Disablement
If a specified number of login failures occur within a specified period, logins will be disabled (blocked) for a specified period of time.
This feature prevents unauthorized login attempts, such as brute force attacks and password list attacks.
It is particularly effective against automated attacks.

Change Login URL
Changes the login URL (wp-login.php).
You can set a name (string) of your choice, between 4 and 12 characters long, using lowercase English letters, numbers, hyphens, and underscores.
This feature makes it harder to exploit unauthorized login attempts, such as brute force attacks and password list attacks.

Unified Login Error Message
When logging in, the same message will be displayed regardless of whether the username, password, or image verification is incorrect.
This feature makes it harder to exploit attacks that probe the existence of usernames.

Two-Step Verification
When logging in, in addition to entering your username and password, an additional code is used for authentication.
To use this feature, you must register your device with the Google Authenticator application.
Enter the 6-digit verification code displayed in the application on the login screen. If all the information matches, you will be able to log in.
This strengthens security by preventing logins and impersonation by third parties who have obtained your username or password.

Add Image Verification
This feature requires you to enter random characters displayed on an image file. If the characters do not match, you will not be able to proceed to the next screen.
This can be set for login forms, comment forms, password reset forms, and user registration forms.
This feature prevents unauthorized login attempts, such as brute force attacks and password list attacks, as well as mechanical unauthorized access from malicious programs.

Administrative Panel Access Restriction
Accessing an administration page (/wp-admin/ and above) from an IP address that has not logged in to the admin panel will return a 404 error (Not Found).
This feature applies to IP addresses that have not logged in to the admin panel for more than 24 hours.
Once you log in, your IP address will be recorded and you will be able to access the admin panel.
You can specify pages (under wp-admin) to exclude from this feature.

Configuration File Access Prevention
This feature blocks unauthorized access to WordPress system files.

Username Leak Prevention
Prevents username leaks via “?author=number” access.

Disable XML-RPC
Disables the XML-RPC or pingback function to protect the admin panel from abuse.

Disable REST API
Disable the REST API to protect the admin panel from abuse.

Simple WAF
This is a simple WAF (Web Application Firewall) feature that provides basic defense against WordPress attacks.
It blocks common attacks such as SQL injection and cross-site scripting.

Login Notification
Notifies users by email when a login occurs.
If you receive an unfamiliar email, suspect unauthorized logins.

Update Notification
Notifies administrators by email when updates to WordPress, plugins, or themes are required.
Update checks are performed every 24 hours.
Always using the latest versions is essential for security.

Server Error Notification
When a server error “HTTP status code 500 (Internal Server Error)” occurs, the error history is recorded and the administrator is notified by email.
If the same type of error occurs within an hour, the error history is recorded, but no email notification is sent.

Login History
Displays the login history to the admin panel.
You can also search by filtering by each item.
Similar to login notifications, this function helps you become aware of unauthorized logins.