Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Project Force Field

Save your WordPress sites and servers from certain death during brute force attacks with Project Force Field by Orion Group!

Why does my browser say "Access forbidden!" or "Error 403" when I try to login at <your site>/wp-login.php

Because that's what Project Force Field does. You need to login by going to <your site>/wp-admin/

How do I change safe-entrance.php to something else?

You can specify your own login by defining OGFF_LOGIN in your wp-config.php file (normally found in your WordPress directory). If you wanted to change your login to sneaky-entrance.php, add the following as its own line: define( 'OGFF_LOGIN', 'sneaky-entrance.php' ); Do not use slashes /, do not specify a file that exists, and do not specify a directory that exists!

Does Project Force Field cause issues with WordPress for iOS or ManageWP?

WordPress for iOS still logs in with Project Force Field enabled. Adding your site to ManageWP will still work as long as you install the ManageWP Worker plugin beforehand.

Does this plugin work on Nginx, IIS, or anything else not Apache?

Nope. We use Apache, so adding support for any other server wouldn\'t be productive for us. If you, however, are a programmer and know how to make this feature for your server of choice, take what you want from this plugin, develop your version, and let me know so I can link to it :)

Couldn't you handle this with the WordPress Rewrite API?

We wanted to avoid running PHP and loading WordPress just to block a request to wp-login.php. We were experiencing over 100 requests a minute, that started to eat up server resources fast! By taking advantage of Apache's mod_rewrite module, we can block all requests to wp-login.php without loading WordPress. It's great that WordPress has a Rewrite API, but it just isn't the right solution for Project Force Field.

How do I enable mod_rewrite?

You can find instructions here: http://codex.wordpress.org/Using_Permalinks#Fixing_Permalink_Problems

How do I give write access to my .htaccess file?

You can find instructions here: http://codex.wordpress.org/Using_Permalinks#Fixing_Permalink_Problems

When in the Dashboard, WordPress asks me to log back in, but when I try to login it says "Forbidden"

When your session expires in WordPress, you can be prompted to log back in. If a brute force attack is detected after the login window pops-up, you will get this message. We're working on adding a script to update that window when the login url is changed, until then, you will just have type <your domain name>/wp-admin/ to log back in.

Requires: 3.8 or higher
Compatible up to: 3.9.16
Last Updated: 3 years ago
Active Installs: 500+


4.6 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1
100,5,5 100,6,6 100,4,4 100,1,1
100,4,4 100,4,4