Shield WP Admin

外掛說明

Shield WP Admin is a lightweight yet powerful plugin designed to enhance the security of your WordPress admin area. With an easy-to-use interface and essential protection tools, it helps safeguard your site against common threats and vulnerabilities.

Key Features:

• Custom Admin Login URL
  Hide or customize the default /wp-login.php URL to prevent unauthorized login attempts.

• Limit Login Attempts
  Protect against brute-force attacks by limiting failed login retries.

• Google reCAPTCHA Integration
  Add reCAPTCHA to the login screen to block bots and automated scripts.

• Disable XML-RPC
  Prevent exploitation via XML-RPC by disabling its access entirely.

• Disable File Editor
  Block access to the theme and plugin file editor in the WordPress dashboard.

• Hide WordPress Version
  Conceal your WordPress version from source code to reduce exposure to targeted attacks.

• Force HTTPS Redirection
  Redirect all HTTP requests to HTTPS to ensure secure access.

• Disable Pingbacks & Trackbacks
  Protect your site from spam and DDoS attacks by disabling pingbacks and trackbacks.

• IP Blacklisting
  Block specific IP addresses directly from the admin panel to protect the site.

• Admin Login Form Logo Change
  Customize the logo displayed on the WordPress login form.

• Audit Logs
  Shield WP Admin includes an Audit Logs admin page to help you monitor user login activity.

  • Where to find it: WordPress Admin -> Shield WP Admin -> Audit Logs
  • What it records: user login activity events (e.g. successful/failed logins).
  • Why it helps: Investigate suspicious access attempts and review login history.

Why Shield WP Admin?

Whether you’re a developer or a site owner, Shield WP Admin provides a smart, flexible solution to strengthen your WordPress backend without bloating your site or overwhelming your dashboard.

Shield WP Admin Pro Features:

Shield WP Admin Pro is a powerful WordPress security plugin designed specifically to protect and harden the WordPress admin area. It focuses on preventing unauthorized access, reducing common attack vectors, and providing administrators with clear visibility into security-related activities.

Instead of relying on a single protection layer, Shield WP Admin Pro applies multiple security mechanisms such as login protection, two-factor authentication, bot detection, file change monitoring, and backup recovery tools. The plugin is suitable for single-site owners, agencies, and developers managing multiple WordPress installations.

Click here to purchase Shield WP Admin Pro now!

Read our plugin documentation for more details.

1. Login Security:

The Login Security module protects your WordPress login system against automated bots, brute-force attempts, and malicious injection attacks. It also allows you to configure notifications and manual user registration approval.

2. Rate Limit & Bot Protection:

The Rate Limit & Bot Protection module helps protect your WordPress admin area and custom login page from automated bots, excessive requests, and brute-force attacks by monitoring request patterns and user-agent behavior.

3. Fake Bot Detection:

The Fake Bot Detection feature protects your website from malicious crawlers that pretend to be legitimate search engine bots such as Googlebot, Bingbot, or other well-known crawlers. Many bots fake their User-Agent string to bypass basic security checks. Shield WP Admin Pro verifies these requests using DNS validation to ensure that the request actually originates from the official crawler network.

4. Two-Factor Authentication:

The Two-Factor Authentication (2FA) adds an extra layer of security to WordPress user accounts by requiring a second verification step during login. Even if a password is compromised, unauthorized access is prevented.
Supported Authenticator Apps: Google Authenticator (iOS & Android) and Microsoft Authenticator (iOS & Android)

5. Secure APIs:

The Secure APIs module helps protect your WordPress site from data exposure and abuse through REST APIs and application-level entry points.

6. Hotlink Protection:

The Hotlink Protection feature prevents other websites from directly embedding your images and media files, helping to protect your bandwidth and server resources. When hotlink protection is enabled, only approved domains are allowed to load images hosted on your website.

7. Malware Scanner:

The Malware Scanner module scans your WordPress installation for suspicious files, malicious code patterns, and unexpected file changes that may indicate a security threat. It provides manual and automatic scanning options, quarantine handling, and file exclusion controls to give you full visibility and control.

8. File Modified Scanner:

The File Modified Scanner helps you monitor changes made to your WordPress files. It is designed to detect unauthorized or unexpected file modifications that may indicate hacking, malware injection, or suspicious activity.

9. Login Analytics:

The Login Analytics module provides detailed insights into user login activity across your WordPress site. It helps administrators monitor login behavior, detect unusual access patterns, and improve overall account security.

10. Traffic Analytics:

The Traffic Analytics module provides real-time visibility into visitor activity across your WordPress site. It tracks page hits, requests, IP addresses, referrers, and client details to help you understand traffic behavior and detect suspicious activity.

11. Backup & Restore:

The Backup & Restore feature allows you to create secure backups of your WordPress site and restore them when needed. This is especially useful before updates, migrations, troubleshooting, or recovering from unexpected issues.

12. Email & SMTP:

The Email & SMTP module ensures reliable email delivery for all system notifications, security alerts, and OTP emails generated by Shield WP Admin Pro. Proper SMTP configuration is essential for features such as Email OTP, alerts, and administrative notifications.

External Services

This plugin uses Google reCAPTCHA to protect the admin login from automated brute-force attacks.

• Service Used: Google reCAPTCHA
• Service Domain: https://www.google.com/recaptcha
• Purpose: Used to verify that the user is human, preventing spam or Brute-force attacks on admin login protected by the plugin.
• What Data is Sent: When a user interacts with a reCAPTCHA-protected form, their interaction (including IP address, user agent, and possibly cookies) is sent to Google’s reCAPTCHA service for validation and verification.
• When Data is Sent: This data is transmitted to Google when the form is loaded (due to the JS script) and again when the form is submitted.
• Service Provider: Google
• Terms of Service: https://policies.google.com/terms
• Privacy Policy: https://policies.google.com/privacy