Protects WordPress against brute force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests or using auth cookies. Restricts logins with Black IP Access List and White IP Access List. Tracks user and intruder activity.
Pack of useful and five star rated features you’ll love
- Limit Login Attempts protecting WordPress against brute force attacks
- Permit or restrict access by White IP Access list and Black IP Access List
- Rename wp-login.php and hide dashboard /wp-admin/
- Make hidden Custom login URL
- Stop user enumeration
- Hardening: completely disable XML-RPC, WP REST API and feeds any kind
- Support fail2ban
See full list of security features
How does WP Cerber protect sites?
By default WordPress allows unlimited login attempts either through the login form or by sending special cookies. This allows passwords to be cracked with relative ease via brute force attack.
WP Cerber blocks intruders by IP or subnet from making further attempts after a specified limit on retries is reached, making brute force attacks or distributed brute force attacks from botnets impossible.
You will be able to create a Black Access List or White Access List to block or allow logins from a particular IP.
Moreover, you can create your custom login page and forget about automatic attacks to the default wp-login.php, which require constant attention and consumes significant server resources. If an attacker tries to access wp-login.php they will get a 404 Error response and, optional, will be locked out for configured period of time.
WP Cerber tracks time, IP addresses and usernames for successful and failed login attempts, logins, logouts, password changes, blocked IPs and actions taken by itself.
You can hide WordPress dashboard (/wp-admin/) when a user isn’t logged in. If a user isn’t logged in and they attempt to access the dashboard by requesting /wp-admin/, WP Cerber will return a 404 Error.
Massive botnet brute force attack? That’s no longer a problem. Citadel mode will automatically be activated for a period after several unsuccessful login attempts and prevent your site from making further attempts to log in with any username.
What does “Cerber” mean?
Cerber is derived from the name Cerberus. In Greek and Roman mythology, Cerberus is a multi-headed dog with a serpent’s tail, a mane of snakes, and a lion’s claws. Nobody can bypass this angry dog. Now you can order WP Cerber to guard the entrance to your site too.
P.S. This brand new plugin is inspired by the Limit Login Attempts plugin. That was useful plugin. It has worked fine for many of my client’s sites for years. But now Limit Login Attempts is outdated. Welcome WP Cerber!
P.P.S. My goal is to build reliable solutions which are simple, useful, and fun to work with. After 6+ years of building solutions and plugins for WordPress and 15 years of experience in web development I’ve learned a lot about doing things the right way. About the author.
See people reviews from around the world
Download plugin from WordPress.org
Last posts from my Security Blog
- Using IP Access Lists to protect WordPress 12/04/2016
- Why we need to use Custom login URL 12/01/2016
- Why reCAPTCHA does not protect WordPress from bots and brute-force attack 11/29/2016
- Cloudflare and WordPress Cerber 11/25/2016
- Notifications on WordPress user logs in 11/20/2016