SeCWurity WP Login
SeCWurity WP Login
Description
Is there any doubt the security of your site? Do you think that your computer has keylogger virus? Do you think someone has stolen your password? None of this is important when you get this plugin 🙂
SeCWurity WP Login is coded for your sites against brute force attacks, keylogger viruses and more..
Features:
- Security code protection: In addition to your WordPress password, the login form asks for randomly selected characters of a secret security code. Because only a few random characters are asked on each attempt, a keylogger cannot capture the whole code.
- Login page URL protection: Your login page is only reachable with a secret URL parameter (for example
wp-login.php?param=value). Visitors without the correct parameter are redirected to the home page.
Installation
- Upload folder of plugin to the
/wp-content/plugins/directory - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Settings > SeCWurity WP Login and make the settings by yourself.
- Do not forget to change your security code. The default code is
cw-pass.
Screenshots
Faq
You can change it by editing the SCWL_sifre option in the database, or disable the plugin by renaming its folder via FTP.
It is shown on the plugin settings page, in the form https://yoursite.com/wp-login.php?param=value. Save it somewhere safe.
Reviews
Changelog
3.0
- Security: fixed an information disclosure where the secret login URL was revealed to anyone requesting the login page with the site admin e-mail address as a parameter.
- Security: the characters asked on the login form are now bound to a signed, expiring token, so an attacker can no longer choose which character positions to answer.
- Security: settings form is now protected with a nonce and capability checks; all inputs are sanitized and all outputs are escaped.
- Security: character comparison now uses timing-safe checks.
- Fixed URL protection running after output was already sent; it now runs on
login_initand uses a proper redirect instead of a broken 404 page. - Fixed login form submissions being blocked by URL protection; the secret parameter is now preserved during form submission.
- Multibyte (UTF-8) security codes are now handled correctly.
- Removed the bundled jQuery copy; scripts are now enqueued the WordPress way and the login script no longer needs jQuery at all.
- Removed promotional admin pages and external hotlinked images; the plugin now adds a single page under Settings.
- Plugin settings are no longer deleted on deactivation; they are removed only when the plugin is uninstalled.
- Admin interface is now in English and fully translatable (Turkish translation can be provided via language packs).
- Tested up to WordPress 7.0 and PHP 8.4.
2.1
Performance is increased by reducing the number of files.
2.0
New features were added.
Interface design was updated.
1.0
Some bugs were fixed.




