Simple Login Protect for WordPress

Simple Login Protect is a Plugin designed to protect your WordPress site from hackers, crackers and other attackers, with simple configuration and with minimum problems for legitimate users.

Using the same technology used in the most advanced Security Tools, our plugin works as soon as installed, detecting malicious behavior and automatically blocking attackers.

Key Features:

  • Behavioral Intelligent Learning, detect the behavior of users to distinguish the bad guys from good guys
  • Really GDPR Compliant (why some others plugins don’t comply)
  • Minimum Configuration, just install and don’t mind looking for the settings, works out of the box

Behavioral Intelligent Learning

We expect legitimate users to behavior in a certain way. In the other side, hackers usually start with simple commoditized scripts, we studied these scripts and implemented detection rules for them.

When a hacker first try to break an WordPress Website, the first action is to determine a valid user (a valid author with valid login in WordPress). For this purpose they use a technique called User Enumeration, we detect this and start mapping his behavior.

The second part of an attack is to determine the user password, they use a technique called Brute Force Attacks, where they try to guess the user password. To increase the chance of success, they use a dictionary, normally starting with the most common passwords used (admin, qwerty, 123456, iloveyou), we detect this behavior too, and, at this point, our plugin is already blocking the attacker.

Even if the attacker use more sophisticated techniques, there are other behaviors that are not common to legitimate users, in example, an attacker will need to test thousands of passwords to try to guess a password, we detect these tries and block them increasing the lock down time.

Some Others Signs of Hackers:

  • Time between password retries are too small, this indicates a computer trying passwords and not a human
  • UserAgent used (the identifier of the browser or tool used), normally the most used tools, if not configured, will send their name in the headers
  • Missing compression, legitimate users will use compression for better performance, while attacker tools normally don’t use, since they ignore the response
  • Access without HTTPS, attacker tools will try to use HTTP only, because without cryptography on communication it is faster to try thousand of passwords
  • Direct Access to IP Address, attacker tools will scan the entire Internet for sites, and it’s simple to use IPs instead of try to discover all the domains from Internet
  • We make a time control between the user entering the login page and effectively making login, attacker tools normally try to login directly, bypassing the login page, they will need to reprogram the tools to bypass our plugin

In the other side, a legitimate user will obey all the rules, using a common web browser, accessing from the same Internet Provider that they always used, respecting the timeout when they misses the correct password, will need to mistype the password various times before getting blocked.

Automatically allow legitimate users to try again

After blocked, the plugin will inform the user how much time he have to wait before he can try again, minimising support.

On the first missed password tries, the plugin will allow the user to try again in a few minutes with a message, this removes work from the Site Administrator.

If necessary, the user can use the WordPress “Lost your password” feature to generate a new one if he forgot to not be blocked again.

But if a hacker that continues to try invalid passwords he will be blocked again for even increased times (limited to 24 hours).

Stopping Attack Tools (Pro only, coming soon)

Blocking an attack consumes precious resources, they consume Internet bandwidth, CPU, memory or even disk space for the logs, since they are not going to gain any access, stopping them from consume these resources became a priority.

After some tries from an attack tool, our plugin will start to give some random errors to the Attacker Tool, with these errors they may think that your site is having some errors, or will identify that they are been blocked.

Anyway, they probably will stop the attack and try to find the next site. It’s like having two cars parked on the street, one with an alarm and the other without alarm, if the robber can identify which one have the alarm, he will try the easy one.

Free Version

Detect and block malicious users

Detect and block Brute Force Attacks

Detect User Enumeration Attacks

Inform legitimate users if they are blocked

Detect if a hacker is not using HTTPS

Detect if a hacker is using scripts

Detect the most commons tools to attack WordPress sites, such as Hydra, Curl, MetaSploit, Kalil

Detect if the attacker is using a password dictionary to guess passwords

Block the IP of the attacker

Allow a legitimate user to try again after a few minutes

If the attacker continues, block again for 30 minutes

If the attacker continues, block for 24 hours

Counts and inform the Administrator how much attacks has been blocked

Detect and works automatically with Sucuri Web Firewall

Detect and suggest configuration for Proxies and Load Balancers

Detect and block attacks to XMLRPC API (not all plugins do this)

Detect attacks to REST API for user enumeration (no other plugin do this)

Have any ideias or request? Please, fill the form.

Pro Version (coming soon)

Everything from Free Version plus:

Stop Attack Tools – if the attacker continues to guess passwords, send some random errors to interrupt the attack

Multisite Support – configure everything just in one place

Allow personalize the lock down time for who is missing their password

Allow the Administrator to view the blocked IPs

Allow the Administrator to manually allow some blocked IP

Allow the Administrator to insert some IPs to Block Lists, and they will never be allowed to log in

Allow the administrator to insert some IPs on Allow Lists, and they will never be blocked

Allow notify the Administrator of blocked IPs, with a link to authorize the IP again with one click