Àpèjúwe
Gatorio is a minimal WordPress security plugin that protects login endpoints against brute-force attacks.
The plugin follows a strict privacy-first and KISS (keep it simple) philosophy.
No dashboards.
No tracking.
No unnecessary complexity.
Just effective login protection.
Unlike many plugins, Gatorio blocks login attempts before authentication begins.
This prevents bypasses caused by plugins that override the default WordPress login flow.
Features
- Brute-force protection
- Login attempt limiter
- Temporary lockout
- Pre-authentication request blocking (init hook)
- Works with WordPress, WooCommerce and custom login forms
- Login delay (bot mitigation)
- Generic login errors (no information leakage)
- XML-RPC protection
- Username enumeration protection (REST API)
- IP hashing (privacy-friendly, no raw IP storage)
Ìgbéwọlẹ̀
- Upload the plugin folder to
/wp-content/plugins/ - Activate the plugin
- Protection starts automatically
FAQ
-
Does the plugin store IP addresses?
-
No. Gatorio hashes IP addresses using SHA-256 and does not store raw IPs.
-
Does it require configuration?
-
No. The plugin works automatically without setup.
-
Does it work with WooCommerce or custom login forms?
-
Yes. Gatorio blocks login attempts at request level, independent of the authentication system.
-
Does it slow down the login?
-
A minimal delay is applied to slow down automated attacks.
Source code: https://codeberg.org/Sichtelement/gatorio
Àwọn àgbéyẹ̀wò
Kò sí àwọn àgbéyẹ̀wò fún plugin yìí.
Àwọn Olùkópa & Olùgbéejáde
“Gatorio” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí.
Àwọn Olùkópa
Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?
Ṣàwárí koodu, ṣàyẹ̀wò ibi ìpamọ́ SVN, tàbí ṣe àgbékalẹ̀ sí àkọsílẹ̀ ìdàgbàsókè nípasẹ̀ RSS.
Àkọsílẹ̀ àwọn àyípadà
1.1
- Added translators comment for localized strings with placeholders
- Fixed WordPress Plugin Check error (MissingTranslatorsComment)
- Added proper handling for nonce verification warnings (via phpcs ignore)
- Improved compatibility with WordPress and external login flows
- Minor security and code consistency improvements
1.0.6
- Added pre-authentication request blocking via init hook
- Implemented universal login detection (WordPress, WooCommerce, custom forms)
- Fixed brute-force bypass caused by plugin-based authentication overrides
- Improved reliability across different login systems
1.0.5
- Added session-level lockout fallback via init
- Improved compatibility with external authentication flows
1.0.4
- Adjusted authenticate hook priority
1.0.3
- Lockout stability improvements
1.0.0
- Initial public release