Security is a major issue for modern websites. A wordpress website might be vulnerable to brute force attack if proper measure isn’t taken in time. This is a script which limits the capability of brute force attackers.
Limiting WP login attempts:
After certain unsuccessful login attempt, this script lockout further attempt for a predefined time (we can set the time duration).
Require this file inside theme’s functions.php file and set the `failed_login_limit & `lockout_duration` as per your need.
<?php
/**
* CLASS LIMIT LOGIN ATTEMPTS
* Prevent Mass WordPress Login Attacks by setting locking the system when login fail.
* To be added in functions.php or as an external file.
*/
if ( ! class_exists( 'Limit_Login_Attempts' ) ) {
class Limit_Login_Attempts {
var $failed_login_limit = 3; //Number of authentification accepted
var $lockout_duration = 1800; //Stop authentification process for 30 minutes: 60*30 = 1800
var $transient_name = 'attempted_login'; //Transient used
public function __construct() {
add_filter( 'authenticate', array( $this, 'check_attempted_login' ), 30, 3 );
add_action( 'wp_login_failed', array( $this, 'login_failed' ), 10, 1 );
}
/**
* Lock login attempts of failed login limit is reached
*/
public function check_attempted_login( $user, $username, $password ) {
if ( get_transient( $this->transient_name ) ) {
$datas = get_transient( $this->transient_name );
if ( $datas['tried'] >= $this->failed_login_limit ) {
$until = get_option( '_transient_timeout_' . $this->transient_name );
$time = $this->when( $until );
//Display error message to the user when limit is reached
return new WP_Error( 'too_many_tried', sprintf( __( '<strong>ERROR</strong>: You have reached authentification limit, you will be able to try again in %1$s.' ) , $time ) );
}
}
return $user;
}
/**
* Add transient
*/
public function login_failed( $username ) {
if ( get_transient( $this->transient_name ) ) {
$datas = get_transient( $this->transient_name );
$datas['tried']++;
if ( $datas['tried'] <= $this->failed_login_limit )
set_transient( $this->transient_name, $datas , $this->lockout_duration );
} else {
$datas = array(
'tried' => 1
);
set_transient( $this->transient_name, $datas , $this->lockout_duration );
}
}
/**
* Return difference between 2 given dates
* @param int $time Date as Unix timestamp
* @return string Return string
*/
private function when( $time ) {
if ( ! $time )
return;
$right_now = time();
$diff = abs( $right_now - $time );
$second = 1;
$minute = $second * 60;
$hour = $minute * 60;
$day = $hour * 24;
if ( $diff < $minute )
return floor( $diff / $second ) . ' secondes';
if ( $diff < $minute * 2 )
return "about 1 minute ago";
if ( $diff < $hour )
return floor( $diff / $minute ) . ' minutes';
if ( $diff < $hour * 2 )
return 'about 1 hour';
return floor( $diff / $hour ) . ' hours';
}
}
}
//Enable it:
new Limit_Login_Attempts();
?>
Codex reference on Brute Force Attacks.
Changing WP-ADMIN login path or moving all core files into a directory:
This tricks applies for installed wordpress sites. Suppose, we want to move all core files in a directory abc under root directory. In that case admin login URL will also change to domain/abc/wp-admin.
Step-1: Add the directory name in the WordPress Address (URL) field from settings. Here, it is abc
Step-2: Create a directory abc in the root. Move all files except .htaccess and index.php into abc.
Step-3: In the index.php file (which is in the root directory) find the line
require( dirname( __FILE__ ) . 'wp-blog-header.php' );
and change it to
require( dirname( __FILE__ ) . '/abc/wp-blog-header.php' );
All Done.
Creating custom taxonomy
By the following code two new taxonomy actors and producers will be created and will be shown in the sidebar of post editor.
function create_my_taxonomies() {
register_taxonomy('actors', 'post', array(
'hierarchical' => false,
'label' => 'Actors',
'query_var' => true,
'rewrite' => true
));
register_taxonomy('producers', 'post', array(
'hierarchical' => false,
'label' => 'Producers',
'query_var' => true,
'rewrite' => true
));
}
add_action('init', 'create_my_taxonomies', 0);
