Description
XO Security is a plugin to enhance login related security.
This plugin does not write to .htaccess file. Nginx and IIS also work.
Functions
- Record login log.
- Limit login attempts.
- Login Alert.
- Add Captcha to the login form and comment form.
- Change the URL of the login page. (WordPress multisite subdomain type is not supported).
- Disable login by mail address.
- Disable login by user name.
- Change login error message.
- Disable XML-RPC and XML-RPC Pingback.
- Disable REST API.
- Change REST API URL prefix.
- Disable author archive page.
- Remove comment author class of comments list.
- WordPress multisite support.
- WooCommerce login page protection.
Screenshots
Login log page. 
Status page. 
Login setting page.
Installation
- Upload the
XO-Securityfolder to the/wp-content/plugins/directory. - Activate the plugin through the Plugins menu in WordPress.
- Go to “Settings” -> “XO Security” and customize behaviour as needed.
FAQ
-
Login page is not displayed.
-
Please initialize the settings.
- In wp_options table, the value of the option_name field (column) is to remove the record of “xo_security_options”.
- If you have set the login page, please delete the file.
-
The CAPTCHA is not displayed.
-
Please install mbstring and GD module.
Reviews
13 October 2019
This plugin does its job well and clean. Another thing I Love bout this plugin is the lightness. Keep up da good work guys!
18 June 2019
This is awesome plugin!
It has all the features I need and is very easy to use.
8 October 2017
I was able to change the login URL with Nginx.
すばらしいプラグインです。
Contributors and Developers
“XO Security” is open source software. The following people have contributed to this plugin.
Contributors
“XO Security” has been translated into 1 locale. Thank you to the translators for their contributions.
Translate “XO Security” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Change Log
2.6.1
- Changed so that the site health does not show “Your site could not complete a loopback request”.
2.6.0
- Changed to remove the standard sitemap user provider when disabling the author archive.
2.5.7
- Fixed a bug where the Captcha was not displayed on the WooCommerce login page.
2.5.6
- Fixed a bug that an error occurred on the WooCommerce login page.
2.5.2
- Fixed a bug that doesn’t work on PHP 7.0 or below.
2.5.0
- Added login type column to login log.
- Fixed an error where some IPv6 addresses could not be logged.
2.4.1
- Fixed a bug that an error occurs in the site health status.
- Changed the way IP addresses are obtained.
2.4.0
- Added the option to select the method of acquiring the IP address.
- Fixed missing translation text.
- Tweaked the CSS on the admin page.
2.3.0
- Added a feature to disable login by user name and enable login by email only.
2.2.1
- Supported PHP 7.3.
2.2.0
- Supported WordPress 5.3.
2.1.5
- Fixed a bug that could not open password protected post.
2.1.3
- Fixed a bug that could slow down the display of the admin page. (Thanks to mocchii)
2.1.0
- Added function to display site information.
2.0.0
- Added option to change login error message.
- Added option to disable login by mail address.
1.5.3
- Fixed XSS vulnerability. (Thanks to pluginvulnerabilities.com)
1.0.0
- Initial release.