Sovaryx Login Security

外掛說明

Sovaryx Login Security strengthens your WordPress site’s login security while staying lightweight and easy to operate.

Key Features

• Dashboard – Security score display with quick overview of your site’s security status
• Security Headers Scan – HTTP header validation and security recommendations
• REST API Scan – Comprehensive API endpoint security verification (18 checks)
• Login Security – Multi-layer login protection including brute force protection (enabled by default), IP restrictions with trusted proxy support, XML-RPC disable option, reCAPTCHA, Email OTP authentication with IP-based rate limiting, and threat intelligence integration
• API Protection – REST API rate limiting and user enumeration prevention

Highlights

• Lightweight design – Minimal impact on site performance
• Multi-language support – English and Japanese
• Plugin conflict detection – Automatic detection and warnings

System Requirements

• WordPress 6.0 or higher
• PHP 7.4 or higher
• MySQL 5.7+ / MariaDB 10.2+

External Services

This plugin connects to external services for certain features. Below is a description of each service, what data is sent, and when.

Google reCAPTCHA (Optional)

When you enable reCAPTCHA protection for the login page, this plugin loads Google reCAPTCHA scripts and sends verification requests.

• Service Provider: Google LLC
• What it is used for: Protecting the login page from automated bots and brute force attacks
• Data sent: User IP address, browser information, and interaction data for bot detection
• When data is sent: When the login page is loaded and when a login form is submitted
• Terms of Service: https://policies.google.com/terms
• Privacy Policy: https://policies.google.com/privacy

Threat Intelligence Services (Optional)

When threat intelligence features are enabled in Login Security settings, the plugin queries external threat databases to check visitor IP addresses for malicious activity. This helps protect your login page from known attackers.

Spamhaus
* What it is used for: Checking if an IP is listed in spam/threat databases
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Website: https://www.spamhaus.org
* Terms: https://www.spamhaus.org/legal/

AbuseIPDB
* What it is used for: Checking IP abuse reports
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.abuseipdb.com/legal
* Privacy Policy: https://www.abuseipdb.com/privacy

Project Honey Pot
* What it is used for: Identifying harvesters, spammers, and malicious bots
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Website: https://www.projecthoneypot.org
* Terms: https://www.projecthoneypot.org/terms_of_service_use.php

Cloudflare Radar
* What it is used for: Checking if an IP address is associated with malware, botnets, phishing, or spam
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.cloudflare.com/terms/
* Privacy Policy: https://www.cloudflare.com/privacypolicy/

IP2Location / IP2Proxy
* What it is used for: Detecting proxy, VPN, and Tor connections from visitor IP addresses
* Data sent: Visitor IP address
* When data is sent: When a visitor accesses the site and threat intelligence is enabled
* Terms of Service: https://www.ip2location.com/terms
* Privacy Policy: https://www.ip2location.com/privacy-policy