The latest version can be downloaded here.

Release notes


  • Fix bug that some functions are disabled (interim measures)


  • Enabled to get client IP address from X-Forwarded-For header

  • Strict operation check of each function

  • Change not to use session


  • Fix an issue where CAPTCHA might fail in 1.3.3


  • Fix bug that error occurs when fails to send mail
  • Inprove the security of the CAPTCHA function
  • Disabling the Rename Login function when qTranslate X plugin is enabled in order to avoid conflicts


  • Fix bug that fatal error occurs when fails to send mail


  • Fix conflicts with other plugins in a session related


  • Add the “Disable XMLRPC” feature
  • In the Login History, add display the login type that indicates whether via login page or xmlrpc
  • Fix that the Fail Once error message to be not the same as the failure
  • Fix that the permission of .htaccess to change from 0644 to 0604
  • Delete the mistaken characters of CAPTCHA


  • In the Admin Page IP Filter function, fix bug that can be accessed from the IP address that failed to login to the management page
  • In the Rename Login function, correct the problem that is redirected to the renamed login page from the /wp-signup.php


  • Fix bug that there is a case which can acccess management pages from non login client
  • Disabling the several functions when there is no .htaccess write permission


  • Fix bug that you can not reply comments from the dashboard, if the CAPTCHA is enabled
  • Fix bug that the login page is displayed in ‘/wp-login’ even if the Rename Login is enabled


  • Fix bug that XML-RPC access which doesn’t need login is recorded as the nameless login history
  • Disabling the all functions when installed in multisite environment
  • Disabling the several functions when settings of .htaccess was eliminated


  • Supported with WP 4.2


  • Add the “Updates Notify” feature
  • Fix bug that login via XML-RPC to fail, if the CAPTCHA is enabled
  • Fix bug that sometimes can’t login when you enable the Fail once


  • Supported with WP 4.1
  • Disabling the Admin IP Filter function by default


  • Fix bug that can not save “Login Alert” settings
  • Add the “Login Alert” notification variables, IP Address, User-Agent and Refere


  • Add the “Login Alert” feature
  • Add the function of inform the new Login page URL by e-mail
  • Fix bug that work “Fail Once” even when the password is a mistake
  • Fix bug that even if the “Rename Login” has been enabled, and have specified a permanent link to the non-standard, jump to the new login page in /login


  • Supported with Apache 1.3
  • Fix garbling of CAPTCHA by environment
  • Fix input check of Rename login path
  • Fix some other bugs


  • Add display a warning about changing the login page URL, when activate the plugin


  • Fix bug that fails to update .htaccess, if there is no WordPress settings in .htaccess


  • Fix a problem that “Rename Login” does not work, if you change Permalink settings
  • Fix the collision of class name of Really Simple CAPTCHA


  • Fix a minor html escape leakage
  • Reduced the problem of affinity with other plugin [WordPress HTTPS (SSL)]


  • Supported with WP 4.0


  • First release.