Authica

外掛說明

Authica™ transforms your default WordPress login into a fully branded, secure, and user-friendly experience.
Perfect for agencies, developers, and businesses that want both style and security.

Highlights:
– Customizable Login Design — Add your logo, background, overlays, and Google Fonts.
– Two-Factor Authentication (TOTP) (coming soon) — Secure your accounts with app-based 2FA.
– Bot Protection — Cloudflare Turnstile & Google reCAPTCHA v2/v3 supported.
– Brute Force Protection (coming soon) — Lock out suspicious login attempts automatically.
– Login & Logout Redirects (coming soon) — Send users where you want after login/logout.
– Hide / Rename wp-login.php (coming soon) — Block bots targeting the default login URL.
– Security Logs & Alerts (coming soon) — Track login attempts and suspicious activity.

Authica’s free version includes full branding options, Google fonts, restore and backup
Upgrade to Authica Pro for advanced and premium features.

Learn more: https://authica.net

Contributors

emilsim (Emil Simunovic)

Privacy

This plugin uses an optional opt-in to collect non-sensitive diagnostic data and plugin usage information to help improve the product. The opt-in is presented on first use and can be changed at any time under Authica → Account.

Collected data may include: WordPress/site version, language, plugin/theme list and versions, admin email (for license/updates), and anonymized site URL. No personal content or passwords are collected.

Data is processed by our licensing/telemetry provider and by us for support and update delivery.
• Provider’s Privacy & Terms: https://freemius.com/privacy/ , https://freemius.com/terms/

If you choose not to opt in, only the information required to deliver updates to your site is stored (license/installation ID, if you activate a license).

Features

Branding & Design
– Upload your own logo
– Customize colors, backgrounds, and overlays
– Google Fonts
– Live preview via WordPress Customizer

Security & Protection
– Turnstile / reCAPTCHA integration
– Email verification (Pro)
– Hide/Rename wp-login.php (Pro)
– Hide wp-login.php (Pro)

User Experience
– Custom welcome/error messages
– Login & logout redirects
– AJAX-powered login form
– Mobile-first responsive design

External services

Cloudflare Turnstile (human verification)

This plugin can integrate with Cloudflare Turnstile to protect login, registration, and password-reset forms from automated abuse.

• What is it used for?
Turnstile provides a human verification widget to reduce bot signups and credential-stuffing attempts.

• What data is sent and when?
– On pages where the widget is shown, the Turnstile JavaScript file is loaded from
https://challenges.cloudflare.com/turnstile/v0/api.js. When loaded, Cloudflare
may receive standard browser/connection data (e.g., IP address, user agent, referrer)
and evaluate device/browser signals to determine risk, per Cloudflare’s documentation.
– When a verification token is produced by the widget, your WordPress site makes a
server-to-server request to:
https://challenges.cloudflare.com/turnstile/v0/siteverify
The server-to-server verification includes the user’s response token and your secret key.
When a valid client IP is available, the optional remoteip value may also be sent to Cloudflare to improve verification accuracy.

• Where can I learn more?
– Cloudflare Turnstile: https://www.cloudflare.com/products/turnstile/
– Turnstile docs: https://developers.cloudflare.com/turnstile/
– Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
– Cloudflare Terms of Service: https://www.cloudflare.com/terms/

• How do I disable it?
Turnstile integrations can be disabled at Authica → Bot Protection, which stops the
widget from loading and the verification endpoint from being called.

jsDelivr (Chart.js fallback, admin-only)

For the admin “Captcha Statistics” chart, this plugin prefers a local copy of Chart.js
(bundled in assets/vendor/chart.js/). If the local file is not present, it falls back to
loading Chart.js from:
https://cdn.jsdelivr.net/npm/chart.js@4.4.3/dist/chart.umd.min.js

• What data is sent?
Only the administrator’s browser requests the static script file from the CDN.
No user content or personal data is transmitted by this plugin as part of that request.

• How do I avoid the CDN?
Keep the local file at assets/vendor/chart.js/chart.umd.min.js so the fallback is not used.

Email delivery

This plugin uses WordPress wp_mail() to send email verification messages. Mail delivery
is handled by your hosting provider or any SMTP/email plugin you configure. If you connect
a third-party email service (e.g., via an SMTP plugin), that service’s privacy terms apply.
This plugin does not send verification data to any email vendor on its own.

Trademark

Authica™ is a trademark claimed by Emil Simunovic. Registration pending.
WordPress is a registered trademark of the WordPress Foundation, used under license.