XO Security is a plugin to enhance login related security.
This plugin does not write to .htaccess file. Besides Apache, LiteSpeed, Nginx and IIS also work.
- Record login log.
- Limit login attempts.
- Login Alert.
- Add Captcha to the login form and comment form.
- Change the URL of the login page. (WordPress multisite subdomain type is not supported).
- Disable login by mail address.
- Disable login by user name.
- Change login error message.
- Disable XML-RPC and XML-RPC Pingback.
- Disable REST API.
- Change REST API URL prefix.
- Disable author archive page.
- Remove comment author class of comments list.
- WordPress multisite support.
- WooCommerce login page protection.
- Anti-spam comment.
- Hide WordPress version information.
- Edit the author slug.
- Disable RSS and Atom feeds.
- Upload the
XO-Securityfolder to the
- Activate the plugin through the Plugins menu in WordPress.
- Go to “Settings” -> “XO Security” and customize behaviour as needed.
Login page is not displayed.
Please initialize the settings.
- In wp_options table, the value of the option_name field (column) is to remove the record of “xo_security_options”.
- If you have set the login page, please delete the file.
The CAPTCHA is not displayed.
Please install mbstring and GD module.
Contributors & Developers
“XO Security” is open source software. The following people have contributed to this plugin.Contributors
- Fixed a bug that the post list page for each creator on the admin screen is not displayed when the creator archive page is disabled.
- Fixed a bug that login may fail when using CAPTCHA.
- Fixed the html of the setting screen after it was incorrect.
- Omitted the lazy loading attribute of CAPTCHA in the login form.
- Fixed a vulnerability in Authenticated (author +) Time-based SQL Injection. (Thanks to Kenta Yoshida)
- Added the ability to choose whether spam comments should be blocked, marked as spam and saved, or put in the trash.
- Code refactoring.
- Fixed a bug that an error message may be displayed on the admin screen during a new installation.
- Fixed a bug in login log recording.
- Added an option to set the default display method of the login log.
- Fixed a bug where CAPTCHA was ignored and login was possible when PHP session was not available. (Thanks to Jazz@ifNoob)
- In the case of WordPress multisite, the log is recorded for each site.
- Added the ability to disable RSS and Atom feeds.
- Added the editing function of the author slug.
- Disabled auto-completion for CAPTCHA input fields.
- Added the ability to hide WordPress version information.
- Added the ability to block spam comment.
- Restructured the settings page.
- Added the function to customize the login form.
- Changed to remove the standard sitemap user provider when disabling the author archive.
- Added login type column to login log.
- Added the option to select the method of acquiring the IP address.
- Added a feature to disable login by user name and enable login by email only.
- Fixed a bug that could slow down the display of the admin page. (Thanks to mocchii)
- Added function to display site information.
- Added option to change login error message.
- Added option to disable login by mail address.
- Fixed XSS vulnerability.
- Initial release.