siteguard
Last commit date
admin
2 weeks ago
classes
3 days ago
css
3 weeks ago
images
1 month ago
languages
3 days ago
really-simple-captcha
1 month ago
changelog.txt
1 month ago
license.txt
11 years ago
readme.txt
3 days ago
siteguard.php
3 days ago
uninstall.php
2 weeks ago
readme.txt
173 lines
| 1 | === SiteGuard WP Plugin === |
| 2 | Contributors: jp-secure |
| 3 | Donate link: - |
| 4 | Tags: security, login lock, login alert, captcha, pingback |
| 5 | Requires at least: 6.0 |
| 6 | Tested up to: 7.0 |
| 7 | Stable tag: 1.8.7 |
| 8 | License: GPLv2 or later |
| 9 | License URI: http://www.gnu.org/licenses/gpl-2.0.html |
| 10 | |
| 11 | Adds WordPress login and admin protections, including CAPTCHA, login lock, login alerts, renamed login URLs, and SiteGuard WAF tuning support. |
| 12 | |
| 13 | == Description == |
| 14 | |
| 15 | SiteGuard WP Plugin helps protect WordPress sites by strengthening login and admin-area security. It helps reduce brute-force login attacks, password list attacks, comment spam, and unauthorized access to `/wp-admin/`. |
| 16 | |
| 17 | = Main Features = |
| 18 | |
| 19 | * Admin Page IP Filter: Restricts wp-admin access to IP addresses that have successfully logged in. |
| 20 | * Rename Login: Changes the URL of the login page from `wp-login.php` to a custom path. |
| 21 | * CAPTCHA: Adds CAPTCHA to login, comment, password reset, and user registration forms. |
| 22 | * Login Lock: Temporarily locks out IP addresses after repeated failed login attempts. |
| 23 | * Login Alert: Sends email notifications when users log in. |
| 24 | * Fail Once: Intentionally rejects the first valid login attempt and requires the user to try again shortly after. |
| 25 | * Protect XML-RPC: Disables pingbacks or all XML-RPC access to help prevent abuse. |
| 26 | * Block Author Query: Helps prevent username leakage through `/?author=<number>` requests. |
| 27 | * Update Notifications: Sends email notifications when updates are available for WordPress core, plugins, or themes. |
| 28 | * WAF Tuning Support: Creates exclusion rules to help prevent false positives when SiteGuard Server Edition WAF is installed. |
| 29 | |
| 30 | = Requirements and Compatibility = |
| 31 | |
| 32 | * WordPress multisite is not supported. |
| 33 | * Apache 1.3, Apache 2.x, and Nginx are supported. |
| 34 | * CAPTCHA requires the PHP extensions `mbstring` and `gd`. |
| 35 | * WAF Tuning Support requires SiteGuard Server Edition on Apache. |
| 36 | |
| 37 | = Documentation = |
| 38 | |
| 39 | Documentation, FAQs, and more details are available in [English](https://www.jp-secure.com/siteguard_wp_plugin_en/) and [Japanese](https://www.jp-secure.com/siteguard_wp_plugin/). |
| 40 | |
| 41 | = Translations = |
| 42 | |
| 43 | This plugin is translated by the community. We appreciate your help with translations on the [WordPress translation platform](https://translate.wordpress.org/projects/wp-plugins/siteguard/). |
| 44 | |
| 45 | == Installation == |
| 46 | |
| 47 | = From the WordPress Dashboard = |
| 48 | |
| 49 | 1. In the WordPress dashboard, go to Plugins > Add New. |
| 50 | 2. Search for "SiteGuard WP Plugin". |
| 51 | 3. Install and activate the plugin. |
| 52 | |
| 53 | = Manual Installation = |
| 54 | |
| 55 | 1. Search for and download "SiteGuard WP Plugin". |
| 56 | 2. In the WordPress dashboard, go to Plugins > Add New > Upload Plugin. |
| 57 | 3. Upload the downloaded ZIP file. |
| 58 | 4. Install and activate the plugin. |
| 59 | |
| 60 | == Screenshots == |
| 61 | |
| 62 | 1. SiteGuard WP Plugin dashboard. |
| 63 | |
| 64 | == Frequently Asked Questions == |
| 65 | |
| 66 | For FAQs, see the [English](https://www.jp-secure.com/siteguard_wp_plugin_en/faq.html) or [Japanese](https://www.jp-secure.com/siteguard_wp_plugin/faq.html) documentation. |
| 67 | |
| 68 | == Changelog == |
| 69 | |
| 70 | = 1.8.7 = |
| 71 | |
| 72 | * Fixed a cross-site scripting (XSS) vulnerability in the logout URL that could occur when the login page URL is changed. |
| 73 | |
| 74 | Special thanks to daroo (Patchstack) for the report. |
| 75 | |
| 76 | = 1.8.6 = |
| 77 | |
| 78 | * Rename Login: when the login URL falls back to the .php (stub) form, the settings screen now explains why .htaccess could not be used. |
| 79 | * Rename Login: fixed the .htaccess self-test so it works when WordPress has been given its own directory (the WordPress Address differs from the Site Address). |
| 80 | * Block Author Query: the "Disable REST API" exclusion list now uses REST API namespaces instead of plugin names. |
| 81 | |
| 82 | Special thanks to abcdrew and miwarock777 for their contributions to this release. |
| 83 | |
| 84 | = 1.8.5 = |
| 85 | |
| 86 | * Fixed a security issue affecting the login URL protection on some server configurations. |
| 87 | |
| 88 | Special thanks to goto5656 for the report. |
| 89 | |
| 90 | = 1.8.4 = |
| 91 | |
| 92 | * Fixed a security issue affecting the login URL protection on some server configurations. |
| 93 | |
| 94 | Special thanks to goto5656 for the report. |
| 95 | |
| 96 | = 1.8.3 = |
| 97 | |
| 98 | * Fixed an issue where the cleanup of legacy .htaccess rules (which could lock administrators out of /wp-admin/) did not run on sites that had already updated to 1.8.0 or 1.8.1. |
| 99 | |
| 100 | = 1.8.2 = |
| 101 | |
| 102 | * Fixed an issue where upgrading from 1.7.x to 1.8.x could leave legacy .htaccess rules in place, locking administrators out of /wp-admin/. |
| 103 | |
| 104 | Special thanks to t.inoue for the report. |
| 105 | |
| 106 | = 1.8.1 = |
| 107 | |
| 108 | * Fixed a security issue affecting the login URL protection. |
| 109 | |
| 110 | = 1.8.0 = |
| 111 | |
| 112 | * Added support for Nginx and Apache environments that do not use an .htaccess file. |
| 113 | * Improved Login Lock to apply to authentication attempts via XML-RPC. |
| 114 | * Fixed several security issues affecting login URL protection. |
| 115 | * Reviewed and updated the English strings. Special thanks to abcdrew. |
| 116 | |
| 117 | Special thanks to Daiki Honda and Daishi Kuroki for their contributions to this release. |
| 118 | Special thanks to Helena Media Research Corporation for the report. |
| 119 | |
| 120 | = 1.7.12 = |
| 121 | |
| 122 | * Fixed an authorization vulnerability in the login history. Special thanks to Ficus Inc. |
| 123 | * Mitigated CAPTCHA authentication failures in some environments. |
| 124 | |
| 125 | = 1.7.11 = |
| 126 | |
| 127 | * Fixed an issue where a syntax error occurred in PHP 5.6 or earlier. |
| 128 | |
| 129 | = 1.7.10 = |
| 130 | |
| 131 | * Fixed a Guessable CAPTCHA vulnerability (CVE-2026-27411). Special thanks to Patchstack. |
| 132 | |
| 133 | = 1.7.9 = |
| 134 | |
| 135 | * Fixed a deprecated notice for the get_currentuserinfo() function. |
| 136 | |
| 137 | = 1.7.8 = |
| 138 | |
| 139 | * Fixed a warning that occurred in version 1.7.7. |
| 140 | |
| 141 | = 1.7.7 = |
| 142 | |
| 143 | * Fixed a bug where the renamed login URL was leaked when wp-register.php was accessed. |
| 144 | |
| 145 | = 1.7.6 = |
| 146 | |
| 147 | * Fixed an issue where a warning occurred on the login screen in PHP 8.x environments. |
| 148 | |
| 149 | = 1.7.5 = |
| 150 | |
| 151 | * Fixed an issue where a fatal error occurred on the Update Notifications screen in PHP 8.x environments. |
| 152 | |
| 153 | = 1.7.4 = |
| 154 | |
| 155 | * Changed the directory for storing CAPTCHA image files to wp-content/siteguard/. |
| 156 | * Fixed some bugs. |
| 157 | |
| 158 | = 1.7.3 = |
| 159 | |
| 160 | * Fixed an issue where password reset emails could not be sent from the admin page when CAPTCHA was enabled. |
| 161 | |
| 162 | = 1.7.2 = |
| 163 | |
| 164 | * Reviewed and modified source code related to security. |
| 165 | |
| 166 | = 1.7.1 = |
| 167 | |
| 168 | * Fixed an issue where a syntax error occurred in PHP 5.6 or earlier. |
| 169 | |
| 170 | = 1.7.0 = |
| 171 | |
| 172 | * Removed the ability to get the client IP address from X-Forwarded-For due to IP spoofing risk. |
| 173 |