Two-factor authentication (formerly IP Vault) Two-factor authentication (formerly IP Vault)

Two-factor authentication (formerly IP Vault)

Created by: Paul C. Schroeder

Rating:
Downloaded: 848 times
#brute-force#ip#lock#protection#security
Code

IP Vault lets you protect your WordPress backend – and any other part of your website – from non verified users.

IP Vault Firewall also preserves your server ressources and bandwidth by blocking hacking attempts before they reach your site.

How does it work ?

Requests to protected files and folders are redirected to the Authentication Page. IP Vault unlocks user’s IP addresses using a key
that is emailed for authentication. Once users verify their account, they can access all restricted areas. Users are automatically verified on registration.

What is protected ?

Out-of-the box, IP Vault restricts access to .php and .phtml files, as well as wp-admin folder, which are frequently exploited by bad bots and hackers.
You can choose which part of your site to protect. Need to make the whole website private ? No problem, just restrict access to /.

The story behind this plugin

In the past 20 years, I have been monitoring a few dozen client sites to prevent malicious access. I have also helped a great number of people to clean their website from malware.
I noticed that even marginal WordPress sites or non-wordpress PHP based sites are constantly exposed to hacking attempts.

Almost all exploits I have seen work by either calling a vulnerable PHP script already on the server, by adding such a script or by injecting their own code into an existing script.

I have tried and tested quite a few security plugins. They can be quite complex to set up and to maintain. Some security plugins try to block access to vulnerable files by comparing requests to a blacklist.
These tend to become quite large and need frequent updates to be efficient. Others use geo-blocking services to block requests from certain countries. However in my experience, hacking attempts can come from just about any location.

I thought there must be a better way using whitelists for verified users instead. And that’s how the idea for IP Vault was born.

To Dos

  • add option to get auth code by SMS (requires users to register phone number)

I love this plugin. How can I contribute ?

  • Rate plugin and leave feedback on WordPress.org
  • Help resolve questions in support forums
  • Help with translations
  • Donate

Disclaimer

This plugin uses the following 3rd Party services :

Screenshots

  • Authentication Page
  • Dashboard Widget
  • Which files and folders should be protected ?
  • IP Address Whitelist
  • Blocked connection logs & stats

Categories

seogoogle-analyticsbackupscachingsecurityformspopupsgalleriessocial-mediacalendarmembershipdirectorybooking

Get New Themes & Resources