Title: Security-Protection
Author: webvitalii
Published: <strong>2014년 2월 26일</strong>
Last modified: 2020년 9월 5일

---

플러그인 검색

이 플러그인은 **최근 3개의 주요 워드프레스 출시와 시험 되지 않았습니다**. 워드프레스의
좀 더 최근 버전으로 이용할 때 더 이상 관리되지 않고 지원되지 않고 호환성 문제가 
있을 수 있습니다.

![](https://s.w.org/plugins/geopattern-icon/security-protection.svg)

# Security-Protection

 작성자: [webvitalii](https://profiles.wordpress.org/webvitaly/)

[다운로드](https://downloads.wordpress.org/plugin/security-protection.2.3.zip)

 * [세부사항](https://ko.wordpress.org/plugins/security-protection/#description)
 * [평가](https://ko.wordpress.org/plugins/security-protection/#reviews)
 *  [설치](https://ko.wordpress.org/plugins/security-protection/#installation)
 * [개발](https://ko.wordpress.org/plugins/security-protection/#developers)

 [지원](https://wordpress.org/support/plugin/security-protection/)

## 설명

 * **[Security-Protection](http://web-profile.net/wordpress/plugins/security-protection/)**
 * **[Donate](http://web-profile.net/donate/)**
 * **[WordPress plugins](http://web-profile.net/wordpress/plugins/)**

**Why humans should prove that they are humans by filling captchas? Lets bots prove
that they are not bots with adding javascript to their user-agents!**

Security-Protection blocks and stops brute-force attacks.
 [Want to read more how Security-Protection plugin works](https://wordpress.org/plugins/security-protection/faq/)?

 * **no captcha**, because brute-force attacks is not users’ problem
 * **no options**, because it is great to forget about brute-force attacks completely

Plugin is easy to use: just install it and it just works.

Important: **delete ‘admin’ username** if you have it on your site. More than 90%
of brute-force attacks try to crack the ‘admin’ username.

Few of the most commonly used and worst passwords. Do not use them or similar:

 * 123456
 * p@s$w0rd
 * qwerty
 * qwe123
 * admin123
 * iloveyou
 * letmein

#### Useful:

 * [“Page-list” – show list of pages with shortcodes](https://wordpress.org/plugins/page-list/)
 * [“Iframe” – embed content](https://wordpress.org/plugins/iframe/)
 * [WordPress Pro plugins](http://web-profile.net/wordpress/plugins/)

## 설치

 1. 플러그인 페이지에서 인스톨 후 엑티베이트 하세요
 2. enjoy life without login, register and reset-password brute-force attacks

## FAQ

### Compatible with:

 * [WooCommerce](https://wordpress.org/plugins/woocommerce/)

### How does Security-Protection plugin work?

The blocking algorithm is based on 2 methods: ‘invisible js-captcha’ and ‘invisible
input trap’.
 The ‘invisible js-captcha’ method is based on fact that bots does 
not have javascript on their user-agents. The ‘invisible input trap’ method is based
on fact that almost all the bots will fill inputs with name ’email’ or ‘url’.

### How does Security-Protection plugin work in details?

Two extra hidden fields are added to login, register and reset-password forms.
 
First field is the invisible captcha (copy and paste the code). Second field should
be empty. If the user visits site, than first field is answered automatically with
javascript, second field left blank and both fields are hidden by javascript and
css and invisible for the user. If the brute-forcer tries to submit the form, he
will make a mistake with answer on first field or tries to submit an empty field
and brute-force attack will be automatically rejected.

### How does Security-Protection plugin stop brute-force attacks?

If Security-Protection check was not passed than it is brute-force request and the
login attempt (or registration, or reset password) is blocked even if username and
password are correct.
 Plugin sends fake WordPress login cookies to the brute-force
bot and redirects it to the admin section to emulate that the password is cracked
and many brute-forcers stop their attacks after this. It is really awesome 🙂

### How to test what brute-force attacks are blocked?

You may enable sending info about blocked brute-force attacks to admin email.
 Edit
[security-protection.php](https://plugins.trac.wordpress.org/browser/security-protection/trunk/security-protection.php)
file and find “$secprot_send_brute_force_log_to_admin” and make it “true”.

### How to stop brute-force attacks if plugins does not help?

If all plugins does not help you to stop brute-force attacks – you can simply rename
wp-login.php file (for example ‘wp-login-new.php’) for now and maybe this can help
you to reduce load on your site.
 And also create empty wp-login.php file for not
raising WordPress 404 error because it will start whole WordPress site again during
each wp-login.php access. While wp-login.php renamed – users cannot login, register
and reset password. If you want to have ability to login while you renamed wp-login.
php file you should replace all ‘wp-login.php’ strings inside of the wp-login.php
file to your new filename (for example ‘wp-login-new.php’).

## 후기

이 플러그인에 대한 평가가 없습니다.

## 기여자 & 개발자

“Security-Protection”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에
기여하였습니다.

기여자

 *   [ webvitalii ](https://profiles.wordpress.org/webvitaly/)

[자국어로 “Security-Protection”(을)를 번역하세요.](https://translate.wordpress.org/projects/wp-plugins/security-protection)

### 개발에 관심이 있으십니까?

[코드 탐색하기](https://plugins.trac.wordpress.org/browser/security-protection/)
는, [SVN 저장소](https://plugins.svn.wordpress.org/security-protection/)를 확인하시거나,
[개발 기록](https://plugins.trac.wordpress.org/log/security-protection/)을 [RSS](https://plugins.trac.wordpress.org/log/security-protection/?limit=100&mode=stop_on_copy&format=rss)
로 구독하세요.

## 변경이력

#### 2.3

 * Minor updates

#### 2.2

 * added compatibility for WooCommerce
 * code cleanup
 * bugfixing
 * move javascript file to footer
 * added SECURITY_PROTECTION_VERSION constant

#### 2.1

 * masking password in the email log for successful login
 * cleanup code
 * update FAQ

#### 2.0

 * completely rewrote all the code and reorganize the logic of the plugin (now plugin
   adds two hidden fields – aka ‘invisible js-captcha’)
 * added ‘send_successful_login_log_to_admin’ feature

#### 1.1

 * added sending fake WordPress login cookies to fool the bot

#### 1.0

 * initial release – Protect from login, register and reset-password brute-force
   attacks using cookie check

## 기초

 *  버전 **2.3**
 *  최근 업데이트: **6년 전**
 *  활성화된 설치 **400+**
 *  워드프레스 버전 ** 3.0 또는 그 이상 **
 *  다음까지 시험됨: **5.5.18**
 *  언어
 * [English (US)](https://wordpress.org/plugins/security-protection/)
 * 태그:
 * [Brute Force](https://ko.wordpress.org/plugins/tags/brute-force/)[BruteForce](https://ko.wordpress.org/plugins/tags/bruteforce/)
   [login](https://ko.wordpress.org/plugins/tags/login/)[register](https://ko.wordpress.org/plugins/tags/register/)
   [registration](https://ko.wordpress.org/plugins/tags/registration/)
 *  [고급 보기](https://ko.wordpress.org/plugins/security-protection/advanced/)

## 평점

 별 5점 만점에 4.3점.

 *  [  9/5-별점 후기     ](https://wordpress.org/support/plugin/security-protection/reviews/?filter=5)
 *  [  0/4-별점 후기     ](https://wordpress.org/support/plugin/security-protection/reviews/?filter=4)
 *  [  0/3-별점 후기     ](https://wordpress.org/support/plugin/security-protection/reviews/?filter=3)
 *  [  0/2-별점 후기     ](https://wordpress.org/support/plugin/security-protection/reviews/?filter=2)
 *  [  2/1-별점 후기     ](https://wordpress.org/support/plugin/security-protection/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/security-protection/reviews/#new-post)

[모든  리뷰 보기](https://wordpress.org/support/plugin/security-protection/reviews/)

## 기여자

 *   [ webvitalii ](https://profiles.wordpress.org/webvitaly/)

## 지원

할 말 있으신가요? 도움이 필요하신가요?

 [지원 포럼 보기](https://wordpress.org/support/plugin/security-protection/)

## 기부

이 플러그인이 발전하도록 도우시겠습니까?

 [ 이 플러그인에 기부하기 ](http://web-profile.net/donate/)