This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Coin Auth

Description

This plugin deters brute-force attacks on the WordPress admin dashboard by implementing a “proof-of-work” authentication workflow using the Coinhive.com captcha API. This plugin requires a Coinhive.com account to mine cryptocurrency in the browser. The server will verify the amount of work completed by the client and allow a login request to wp-login.php if verification is successful. We hope to deter brute-force attacks on WordPress sites by introducing this economic control.

To do

  • Logging feature
  • Pull additional data about coinhive account to display in admin dashboard
  • Assign additional work to brute-force offenders automatically

Additional reading

3rd party tools used in this project & privacy

Screenshots

  • WordPress login, proof-of-work UNVERIFIED
  • WordPress login, proof-of-work VERIFIED
  • Coin Auth Settings
  • 'proof-of-work' workflow

Installation

  1. Upload coin-auth to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Register with coinhive.com -> Dashboard -> Sites & API Keys -> Copy API credentials (Site Key, and Secret Key)
  4. In the WordPress admin dashboard, go to Settings -> Coin auth and enter your API credentials
  5. Click save

FAQ

Q: What is cryptocurrency?
A: Magical internet money! Cryptocurrency like bitcoin, and others, are “mined” by solving complex mathematical problems. See additional reading section of this readme to learn more.

Q: What is a brute-force attack?
A: In terms of WordPress, it’s when an adversary tries to guess your password by submitting a lot of login requests.

Q: Will I get rich off of brute force attacks?!
A: More than likely not, but adversaries will waste a lot of time trying to guess your password.

Q: Does this mine Bitcoins in the browser?
A: No, the coinhive API only supports Monero

Q: Is this officially supported, or endorsed by Coinhive.com?
A: No, I am an individual developer and have designed this plugin on my own accord for research. If you need support please visit the Github repo and open an issue.

Q: How do I get money from this plugin?
A: The goal here is to deter brute-force login attacks and waste adversaries time, not to make lots of money. There is cryptocurrency that is generated from each login request and can be deposited to the monero wallet of your choice. This is all configurable in the Coinhive.com dashboard.

Installation Instructions
  1. Upload coin-auth to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Register with coinhive.com -> Dashboard -> Sites & API Keys -> Copy API credentials (Site Key, and Secret Key)
  4. In the WordPress admin dashboard, go to Settings -> Coin auth and enter your API credentials
  5. Click save

Contributors & Developers

“Coin Auth” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Coin Auth” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0

  • Initial fork and release

This project was forked from version 1.6 of https://github.com/ashmatadeen/no-captcha