A simple, light-weight collection of tools to help protect wp-admin, including password strength requirements and brute-force log-in prevention.
The plugin is only meant to be used with single-site WordPress installations. Some features may still work under multi-site environments, however it would be safer to use some other plugin that is specifically marked WPMU-compatible instead.
If you have accidentally banned yourself, you have a few options: A) wait until the defined time has elapsed; B) log-in from a different network IP (like from a friend's house); C) delete the
apocalypse-meow plugins directory via FTP to force uninstallation of the plugin.
Remember: You can whitelist one or more IP addresses via the settings page to prevent just this sort of thing!
There are three relevant settings to consider:
Here is an example to illustrate the above point: Say the failure limit is 2, we don't reset on success, and the window is 2 hours. If an evildoer messes up the log-in at 10:01, 10:02, and 10:03, the Apocalypse is triggered and lasts until 12:01. If the evildoer were to immediately re-mess up the log-in once more, he/she would again trigger the Apocalypse (failures at 10:02, 10:03, and 12:01), but this time only for one minute, because at 12:02 the 10:02 failure will expire, leaving just 2 failures within the window.
The default values are pretty reasonable, if I do say so myself:
The WordPress permalinks system is kinda finicky. Go to Settings > Permalinks and re-save your configuration.
Of course not! Haha. Apocalypse Meow only records the following information with each log-in attempt:
WordPress themes and plugins are made up of PHP scripts that should only be executed indirectly through the WordPress engine. Of course, some plugins and themes are poorly coded and do not fully exist within the WP framework and so might break if direct PHP execution is disabled. But hey, if things break, simply disable this option. ;)
As of version 1.5.0, it is now possible to specify an alternative $_SERVER variable Apocalypse Meow should use to determine the visitor's "true" IP. It is important to note, however, that depending on how that environmental variable is populated, the value might be forgeable. Nonetheless, this should be better than nothing!