Barbwire Security


This plugin enhances the WordPress security.
Effective such as the brute force attack.
Includes the following specific functions.

1.Google reCaptcha v3 protect login screen from bot attacks.

2.Change the URL of the login screen, to avoid attacks on the login screen.
You can ward off tying for try to login for cracking, such as Brute-force attack.
Adding parameter to login URL so that default login url will hidden.

3.Block the display of author archive page
WordPress leaks your login id because of redirect author archive page by author id to login id.
(If you enter “your-site-url/?author=1”, you can try it.)
Simply hideing author archive page so that block to leak login id.

4.To limiting the part of the XML-RCP feature prevents the attack.
Block DDOS attacks against other sites with yor WordPress site, pingback enabled.
Block login via XML-RPC.

5.Disable the REST API function and reduce the risk of receiving external attacks.
You can disable all REST APIs and you can partially disable them.
(This feature will be removed in version 2.1.)

These features will be able to choose whether or not to enable.

This plug-in does not change the .htaccess
You can use with confidence.
Also it works in both Apache and nginx.

(photo by Keoni Cabral


  • Setting

  • Setting

  • Help


  1. Install and activate the plugin through the ‘Plugins’ menu in WordPress.
  2. Go to Settings > Barbwire Security.
  3. Perform the necessary settings and press the Save button.


2020년 4월 27일
ダミーurlにnoindexがついてないので、被リンクされると、サイト内検索と同等のSEOリスクがある。 当方重たいSEO系プラグインは使わないので、noindex追加が欲しいところ。
모든 2 평가 읽기

기여자 & 개발자

“Barbwire Security”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에 기여하였습니다.


“Barbwire Security”(이)가 1(으)로 번역되었습니다. 기여해 주셔서 번역자님께 감사드립니다.

자국어로 “Barbwire Security”(을)를 번역하세요.

개발에 관심이 있으십니까?

코드 탐색하기는, SVN 저장소를 확인하시거나, 개발 기록RSS로 구독하세요.



fix error message to be displayed once even when the reCaptcha key was correct.
update disabling only XML-RCP pingback to disabling pingback and login.
fix typo


add Google reCaptcha v3 protect login screen from bot attacks.


add parameter to logout url

update renew readme.txt and plugin file header.
update move the translation from mo files to Polyglots

fix From version, part of the login URL change function was not working properly.
update do refactor
fix documentation

update remove unused code.

update replace deprecated action hook.

fix bug for subdirectory type WordPress.


update For WordPress 5.3

fix Fetal error.


fix Bug prevent access to password-protected content.


fix Error when the version of WordPress does not support REST API.


fix Error on setting screen in Version 4.6.x or earlier.


change Possible to finely set the restriction of REST API
change Move menu to submenu of option
fix Remove Notice Error in setting page
add Link to setting page to plugin list page
Specify support for version 4.9




fix settings page duplication
Specify support for version 4.8.2


Add new function, Disable the REST API
Refactor source codes


fix readme.txt


fix disnable pingback function was not working
add function block the display of author archive page
add help documentation


fix login page will divulge, when using Permalink settings
Thanks to @nyarocom pointed out.(


fix php warning message


fix error error of removing the plugin


First release