Description
Sovaryx Login Security strengthens your WordPress site’s security with essential features while staying lightweight and easy to operate.
Key Features
- Dashboard – Security score display with quick overview of your site’s security status
- Security Headers Scan – HTTP header validation and security recommendations
- REST API Scan – Comprehensive API endpoint security verification (18 checks)
- Login Security – Multi-layer login protection including brute force protection, IP restrictions, reCAPTCHA, Email OTP authentication (with default email templates), and threat intelligence integration
- API Protection – REST API rate limiting and user enumeration prevention
Highlights
- Lightweight design – Minimal impact on site performance
- Multi-language support – English and Japanese
- Plugin conflict detection – Automatic detection and warnings
System Requirements
- WordPress 6.0 or higher
- PHP 7.4 or higher
- MySQL 5.7+ / MariaDB 10.2+
External Services
This plugin connects to external services for certain features. Below is a description of each service, what data is sent, and when.
Google reCAPTCHA (Optional)
When you enable reCAPTCHA protection for the login page, this plugin loads Google reCAPTCHA scripts and sends verification requests.
- Service Provider: Google LLC
- What it is used for: Protecting the login page from automated bots and brute force attacks
- Data sent: User IP address, browser information, and interaction data for bot detection
- When data is sent: When the login page is loaded and when a login form is submitted
- Terms of Service: https://policies.google.com/terms
- Privacy Policy: https://policies.google.com/privacy
Threat Intelligence Services (Optional)
When threat intelligence features are enabled in Login Security settings, the plugin queries external threat databases to check visitor IP addresses for malicious activity. This helps protect your login page from known attackers.
Spamhaus
* What it is used for: Checking if an IP is listed in spam/threat databases
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Website: https://www.spamhaus.org
* Terms: https://www.spamhaus.org/legal/
AbuseIPDB
* What it is used for: Checking IP abuse reports
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.abuseipdb.com/legal
* Privacy Policy: https://www.abuseipdb.com/privacy
Project Honey Pot
* What it is used for: Identifying harvesters, spammers, and malicious bots
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Website: https://www.projecthoneypot.org
* Terms: https://www.projecthoneypot.org/terms_of_service_use.php
Cloudflare Radar
* What it is used for: Checking if an IP address is associated with malware, botnets, phishing, or spam
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.cloudflare.com/terms/
* Privacy Policy: https://www.cloudflare.com/privacypolicy/
IP2Location / IP2Proxy
* What it is used for: Detecting proxy, VPN, and Tor connections from visitor IP addresses
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.ip2location.com/terms
* Privacy Policy: https://www.ip2location.com/privacy-policy
Installation
- Upload the
sovaryx-login-securityfolder to the/wp-content/plugins/directory - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Sovaryx Login Security in the admin menu to configure security features
FAQ
-
What features are included?
-
Sovaryx Login Security includes:
– Security score dashboard
– Security headers scan with recommendations
– REST API security scan (18 checks)
– Login security (brute force protection, IP restrictions, reCAPTCHA, Email OTP with default templates)
– Threat intelligence integration (Spamhaus, AbuseIPDB, Project Honey Pot)
– API protection (rate limiting, user enumeration prevention) -
Can I customize email notifications?
-
Email notifications are sent using default templates for brute force protection and other security events.
-
Can I use this with other security plugins?
-
Yes. However, if features overlap with other security plugins (such as custom login URL or brute force protection), the plugin will automatically detect and display a warning. We recommend disabling overlapping features in one of the plugins to avoid conflicts.
-
Does this affect site performance?
-
Sovaryx Login Security is designed to be lightweight. Scans are run on-demand, so they don’t affect normal page loads.
-
Will I be locked out if I deactivate the plugin?
-
No. When the plugin is deactivated, security features like IP restrictions are also disabled automatically. You can log in normally. Settings are restored when the plugin is reactivated.
Avis
Il n’y a aucun avis pour cette extension.
Contributeurs/contributrices & développeurs/développeuses
« Sovaryx Login Security » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
Traduisez « Sovaryx Login Security » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Journal des modifications
1.0.0
- Initial deployment as Sovaryx Login Security
- Independent repository and deployment workflow
- Includes login protection, security diagnostics, and API protection features