User Locker - Projekty
| << Wstecz Subscribe to Comments Now! | ^^ Spis treści | Dalej >> Google Integration Toolkit |
Note: for English version click here.
WordPress zaraz po instalacji jest podatny na ataki brute force oraz ataki słownikowe. Jest tak dlatego ponieważ nie ma on żadnego limitu ile razy można podawać złe hasło, zanim znajdzie się to dobre. Tą dziurę w jego bezpieczeństwie można jednak łatwo załatać za pomocą pluginu User Locker. Wprowadza on maksymalną ilość nieprawidłowych prób logowania, po przekroczeniu której konto jest blokowane. Aby je odblokować, trzeba użyć opcji przypominania zapomnianego hasła lub poprosić admina o odblokowanie konta. Dzięki takiemu zabezpieczeniu ataki brute force oraz słownikowe na WordPress'a stają się praktycznie niemożliwe.
Za pomocą tego pluginu można także wyłączyć konta wybranych użytkowników, aby nie mogli się zalogować nawet jeżeli znają hasło. W ten sposób można prosto banować wybranych użytkowników.
Plugin potrafi też wyświetlać statusy kont poszczególnych użytkowników na liście wszystkich kont. Do działania tej opcji wymagany jest WordPress w wersji co najmniej 2.8.
Plugin ten jest można pobrać ze strony wordpress.org.
Historia wersji
- 1.1.5
- Dodałem białoruskie tłumaczenie (dziękuję ilyuha)
- 1.1.4
- Dodałem rosyjskie tłumaczenie (dziękuję Fat Cow)
- 1.1.3
- Dodałem francuskie tłumaczenie (dziękuję Gilles)
- 1.1.2
- Dodałem niemieckie tłumaczenie (dziękuję GhostLyrics);
- Plugin oznaczony jako testowany z WP 2.8.1
- 1.1.1
- Plugin oznaczony jako testowany z WP 2.8
- 1.1
- Dodałem opcję wyłączania kont (zablokowani użytkownicy nie mogą się zalogować, nawet jeżeli znają hasło);
- Administrator może włączać i wyłączać statusy "wyłączone" i "zablokowane" dla konta poprzez edycję profilu użytkownika;
- Wyświetlanie statusu konta na liście użytkowników (wymaga WP 2.8+).
- 1.0
- pierwsza wersja
English Version
Default Wordpress installation is vulnerable to brute force and dictionary attacks, because there is no limit how many times user can use invalid password before finding the correct one. You can close this hole using User Locker plugin. It introduces maximum number of invalid login attempts. When someone exceeds this number, his/her account becomes locked, and can be unlocked only by requesting new password (using Lost Password option) or asking Admin for help (he/she can do it too). This makes brute force and dictionary attacks nearly impossible.
You can also disable selected user accounts, so users will not be able to log in even if they will know password. You can use this feature to ban selected users.
Plugin also can display account statuses on user list. This option requires WordPress 2.8 or greater.
You can download this plugin from wordpress.org site.
Version history
- 1.1.5
- Added Belorussian translation (thanks ilyuha)
- 1.1.4
- Added Russian translation (thanks Fat Cow)
- 1.1.3
- Added French translation (thanks Gilles)
- 1.1.2
- Added German translation (thanks GhostLyrics);
- Marked plugin as tested with WP 2.8.1
- 1.1.1
- Mark plugin as tested with WP 2.8
- 1.1
- Added option to disable User Accounts (such users cannot login even if they know valid password);
- Administrator can change Locked and Disabled statuses of User Account by editing user profile;
- Display User Account status on User list (requires WP 2.8+).
- 1.0
- 1st version
| << Wstecz Subscribe to Comments Now! | ^^ Spis treści | Dalej >> Google Integration Toolkit |
| << Wstecz Subscribe to Comments Now! | ^^ Spis treści | Dalej >> Google Integration Toolkit |
Dodaj linka na swojej stronie! Po prostu skopiuj poniższy kod i wklej go na swojej stronie WWW. Gotowy link będzie wyglądał w taki sposób:
2009-06-30 21:35:20
I've created a German localisation for your plugin (referring to version 1.1.1) it's here: http://firefly.menkisys.de/blog/download...
2009-07-12 22:24:47
Thanks for translation, I have added it to the package.
2009-07-13 16:10:16
I have a second request to you: It't be great to integrate usage of the new Changelog-structure for WordPress plugins, because this can also be used for the very helpful plugin "changelogger".
See further information at this blog:
http://westi.wordpress.com/2009/06/20/ch...
2009-07-22 13:00:07
Plugin jest super. Mam tylko jedno pytanie - jak można sprawdzić nieudane próby logowań? Data, czas, ip. Czy może potrzeba do tego osobnej wtyczki? Może ktoś wie jakiej? Doskonale by się uzupełniały... ;)
2009-09-23 08:41:33
Hi,
Great plugin, is it possible to show the total of locked users in a sidebar or something ?
Tnx
VVOR
2009-10-05 22:36:09
I've translated the .po file in spanish. You can contact me to the e-mail provided and I'll send you the file.
2010-01-23 17:17:59
Hi, thanks for your works!
Here there's the italian translation (.po and .mo):
http://alessandrostella.it/temp/user-loc...
Unfortunately your plugin is activated but does not work on my wordpress 2.9.0. The plugin is unable to show the list of accounts to be blocked. There may be incompatibilities with other plugins or other... I'll let you know.
Alessandro
2010-01-23 17:54:28
Ok.
Now it all works well!
No problem for your plugin :-)
2010-01-23 21:09:26
Good to hear that :)
I will add your translation to official release soon.
2010-03-19 03:37:14
Hi, thanks for your works!
I've translated the .po file in arabic
here (.po and .mo)
http://linuxawi.com/up/user-locker-ar_AR...
2010-03-20 01:29:37
Hi, thanks for add my arabic translation
but the translation not work !
i dont know what and where problem.
the Solution is rename the .mo file
frome user-locker-ar_AR.mo
to user-locker-ar.mo
in this way works well :)
2010-03-21 03:28:51
What will happen if admin gets locked or disabled?
2010-03-22 01:03:21
User Locker Turkish translation repacked with all original files is downloadable at http://rapidshare.com/files/366479361/us... Just click on my website link :) Cheers
2010-03-22 07:38:15
@zaher kadour: please define WPLANG in your wp-config.php file as "ar_AR" - should help :)
@Wong Choon Jie: if admin gets locked, he/she can unlock it by requesting new password, using "Lost password" option.
When admin account is disabled, you need to use another admin account to enable it again.
When you do not have extra account with admin rights, procedure is more complex: you have to remove plugin via FTP (or better just change directory name), so WP will not be able to load it. Then you should login to WP and create new admin user. At this moment you can restore plugin via FTP. When you do this, please log using newly created admin, make sure User Locker is loaded and enable account for 1st admin. When you do this, you can login as 1st admin and remove new admin.
2010-03-22 07:39:44
@Dincer YAMANLAR: thanks for translation, I have just released it.
2010-03-25 21:40:46
For the admin account, it does not show the options to unlock or disable account. Is it supposed to?
2010-03-25 21:53:51
I am testing with a Contributor account but I cannot get it to lock it. It is set to 5 attempts. If I disable or lock it manually, it will tell me it is disabled or locked.
I wonder if there's a conflict with Theme My Login or something else. Any suggestions?
2010-03-26 01:44:59
To unlock admin user, execute this in sql:
update wp_usermeta set meta_value=0 where meta_key = "wp_ul_locked" and meta_value=1;
This will unlock every locked user, so you can login.
Alternatly use
select * from wp_usermeta where meta_key = "wp_ul_locked" and meta_value=1;
to see who is locked and then unlock it with
update wp_usermeta set meta_value=0 where umeta_id = xxxxx;
PS. very hard to post comment - message: invalid e-mail all the time
2010-03-29 21:48:44
Hi, I translated the plugin to Danish - can I send it through via email?
2010-04-01 17:21:45
I uploaded the Danish version here : http://www.hostingcouponfinder.com/user-...
2010-05-12 16:09:30
Hi, thanx for the plugin to the WP Community. Activated in a WP 2.9.2 installation with the Atahualpa 3.4.6 Theme it causes a bug in the dashboard. The right row of widgets does not appear and the left row is not extensible anymore. There are a lot of plugins aktivated in that installation, maybe that is a reason, too.
Greetings
Roller
2010-11-27 18:00:43
Hi,
I'd like to inform you that "User Locker" mail has been blocked.
I've successfully unlocked my user with another account and the mail runs correctly only after the user is unlocked.
Bye.
2011-09-21 12:13:17
Dzięki, właśnie tego szukałem
2011-11-03 18:52:47
FYI:
"A very nice plugin, but it has a 'logic' bug.
The bad attempts counter per user is not reset after a valid login or after a password-reset."
More here: http://wordpress.org/support/topic/plugi...
2011-11-03 18:54:56
FYI: When I posted the above, I first got this error which discloses internal data (replaced by XXXXX) of your server:
Internal Server Error
[Warning] fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]: unable to connect to XXXXXXXXXXX.rest.akismet.com:80 (Connection timed out) (@line 343 in file /home/XXXXXXXX/poradnik-webmastera.com/public_html /XXXXXXXXX/Akismet.class.php).
An internal error occurred while the Web server was handling your request. Please contact the webmaster to report this problem.
Thank you.
2011-11-03 18:51