PluginProbe ʕ •ᴥ•ʔ
SiteGuard WP Plugin / 1.8.7
SiteGuard WP Plugin v1.8.7
1.8.7 1.8.6 1.8.6-beta1 1.8.6-beta2 1.8.4 1.8.5 1.8.3 1.8.2 1.8.1 trunk 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.2.0 1.2.1 1.2.2 1.2.3 1.4.3 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.7.0 1.7.1 1.7.10 1.7.11 1.7.12 1.7.2 1.7.3 1.7.4 1.7.5 1.7.6 1.7.7 1.7.8 1.7.9 1.8.0 1.8.0-beta1 1.8.0-beta2 1.8.0-beta3 1.8.0-beta4
siteguard / readme.txt
siteguard Last commit date
admin 2 weeks ago classes 3 days ago css 3 weeks ago images 1 month ago languages 3 days ago really-simple-captcha 1 month ago changelog.txt 1 month ago license.txt 11 years ago readme.txt 3 days ago siteguard.php 3 days ago uninstall.php 2 weeks ago
readme.txt
173 lines
1 === SiteGuard WP Plugin ===
2 Contributors: jp-secure
3 Donate link: -
4 Tags: security, login lock, login alert, captcha, pingback
5 Requires at least: 6.0
6 Tested up to: 7.0
7 Stable tag: 1.8.7
8 License: GPLv2 or later
9 License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
11 Adds WordPress login and admin protections, including CAPTCHA, login lock, login alerts, renamed login URLs, and SiteGuard WAF tuning support.
12
13 == Description ==
14
15 SiteGuard WP Plugin helps protect WordPress sites by strengthening login and admin-area security. It helps reduce brute-force login attacks, password list attacks, comment spam, and unauthorized access to `/wp-admin/`.
16
17 = Main Features =
18
19 * Admin Page IP Filter: Restricts wp-admin access to IP addresses that have successfully logged in.
20 * Rename Login: Changes the URL of the login page from `wp-login.php` to a custom path.
21 * CAPTCHA: Adds CAPTCHA to login, comment, password reset, and user registration forms.
22 * Login Lock: Temporarily locks out IP addresses after repeated failed login attempts.
23 * Login Alert: Sends email notifications when users log in.
24 * Fail Once: Intentionally rejects the first valid login attempt and requires the user to try again shortly after.
25 * Protect XML-RPC: Disables pingbacks or all XML-RPC access to help prevent abuse.
26 * Block Author Query: Helps prevent username leakage through `/?author=<number>` requests.
27 * Update Notifications: Sends email notifications when updates are available for WordPress core, plugins, or themes.
28 * WAF Tuning Support: Creates exclusion rules to help prevent false positives when SiteGuard Server Edition WAF is installed.
29
30 = Requirements and Compatibility =
31
32 * WordPress multisite is not supported.
33 * Apache 1.3, Apache 2.x, and Nginx are supported.
34 * CAPTCHA requires the PHP extensions `mbstring` and `gd`.
35 * WAF Tuning Support requires SiteGuard Server Edition on Apache.
36
37 = Documentation =
38
39 Documentation, FAQs, and more details are available in [English](https://www.jp-secure.com/siteguard_wp_plugin_en/) and [Japanese](https://www.jp-secure.com/siteguard_wp_plugin/).
40
41 = Translations =
42
43 This plugin is translated by the community. We appreciate your help with translations on the [WordPress translation platform](https://translate.wordpress.org/projects/wp-plugins/siteguard/).
44
45 == Installation ==
46
47 = From the WordPress Dashboard =
48
49 1. In the WordPress dashboard, go to Plugins > Add New.
50 2. Search for "SiteGuard WP Plugin".
51 3. Install and activate the plugin.
52
53 = Manual Installation =
54
55 1. Search for and download "SiteGuard WP Plugin".
56 2. In the WordPress dashboard, go to Plugins > Add New > Upload Plugin.
57 3. Upload the downloaded ZIP file.
58 4. Install and activate the plugin.
59
60 == Screenshots ==
61
62 1. SiteGuard WP Plugin dashboard.
63
64 == Frequently Asked Questions ==
65
66 For FAQs, see the [English](https://www.jp-secure.com/siteguard_wp_plugin_en/faq.html) or [Japanese](https://www.jp-secure.com/siteguard_wp_plugin/faq.html) documentation.
67
68 == Changelog ==
69
70 = 1.8.7 =
71
72 * Fixed a cross-site scripting (XSS) vulnerability in the logout URL that could occur when the login page URL is changed.
73
74 Special thanks to daroo (Patchstack) for the report.
75
76 = 1.8.6 =
77
78 * Rename Login: when the login URL falls back to the .php (stub) form, the settings screen now explains why .htaccess could not be used.
79 * Rename Login: fixed the .htaccess self-test so it works when WordPress has been given its own directory (the WordPress Address differs from the Site Address).
80 * Block Author Query: the "Disable REST API" exclusion list now uses REST API namespaces instead of plugin names.
81
82 Special thanks to abcdrew and miwarock777 for their contributions to this release.
83
84 = 1.8.5 =
85
86 * Fixed a security issue affecting the login URL protection on some server configurations.
87
88 Special thanks to goto5656 for the report.
89
90 = 1.8.4 =
91
92 * Fixed a security issue affecting the login URL protection on some server configurations.
93
94 Special thanks to goto5656 for the report.
95
96 = 1.8.3 =
97
98 * Fixed an issue where the cleanup of legacy .htaccess rules (which could lock administrators out of /wp-admin/) did not run on sites that had already updated to 1.8.0 or 1.8.1.
99
100 = 1.8.2 =
101
102 * Fixed an issue where upgrading from 1.7.x to 1.8.x could leave legacy .htaccess rules in place, locking administrators out of /wp-admin/.
103
104 Special thanks to t.inoue for the report.
105
106 = 1.8.1 =
107
108 * Fixed a security issue affecting the login URL protection.
109
110 = 1.8.0 =
111
112 * Added support for Nginx and Apache environments that do not use an .htaccess file.
113 * Improved Login Lock to apply to authentication attempts via XML-RPC.
114 * Fixed several security issues affecting login URL protection.
115 * Reviewed and updated the English strings. Special thanks to abcdrew.
116
117 Special thanks to Daiki Honda and Daishi Kuroki for their contributions to this release.
118 Special thanks to Helena Media Research Corporation for the report.
119
120 = 1.7.12 =
121
122 * Fixed an authorization vulnerability in the login history. Special thanks to Ficus Inc.
123 * Mitigated CAPTCHA authentication failures in some environments.
124
125 = 1.7.11 =
126
127 * Fixed an issue where a syntax error occurred in PHP 5.6 or earlier.
128
129 = 1.7.10 =
130
131 * Fixed a Guessable CAPTCHA vulnerability (CVE-2026-27411). Special thanks to Patchstack.
132
133 = 1.7.9 =
134
135 * Fixed a deprecated notice for the get_currentuserinfo() function.
136
137 = 1.7.8 =
138
139 * Fixed a warning that occurred in version 1.7.7.
140
141 = 1.7.7 =
142
143 * Fixed a bug where the renamed login URL was leaked when wp-register.php was accessed.
144
145 = 1.7.6 =
146
147 * Fixed an issue where a warning occurred on the login screen in PHP 8.x environments.
148
149 = 1.7.5 =
150
151 * Fixed an issue where a fatal error occurred on the Update Notifications screen in PHP 8.x environments.
152
153 = 1.7.4 =
154
155 * Changed the directory for storing CAPTCHA image files to wp-content/siteguard/.
156 * Fixed some bugs.
157
158 = 1.7.3 =
159
160 * Fixed an issue where password reset emails could not be sent from the admin page when CAPTCHA was enabled.
161
162 = 1.7.2 =
163
164 * Reviewed and modified source code related to security.
165
166 = 1.7.1 =
167
168 * Fixed an issue where a syntax error occurred in PHP 5.6 or earlier.
169
170 = 1.7.0 =
171
172 * Removed the ability to get the client IP address from X-Forwarded-For due to IP spoofing risk.
173