Hungry for more features?
Want to support development?
Upgrade to Pro!
Apocalypse Meow

Apocalypse Meow

Apocalypse Meow’s main focus is addressing WordPress security issues related to user accounts and logins. This includes things like:

  • Brute-force login-in protection;
  • Customizable password strength requirements;
  • XML-RPC and WP-REST access controls;
  • Account access alerts;
  • Searchable access logs (including failed login attempts and temporary bans);
  • User enumeration prevention;
  • Miscellaneous Core and template options to make targetted hacks more difficult;

Security is an admittedly technical subject, but Apocalypse Meow strives to help educate “normal” users about the nature of common web attacks, mitigation techniques, etc. Every option contains detailed explanations and links to external resources with additional information.

Knowledge is power!

Screenshots

Premium Licensing

Apocalypse Meow’s main focus is addressing WordPress security issues related to user accounts and logins. This includes things like:

  • Brute-force login-in protection;
  • Customizable password strength requirements;
  • XML-RPC and WP-REST access controls;
  • Account access alerts;
  • Searchable access logs (including failed login attempts and temporary bans);
  • User enumeration prevention;
  • Miscellaneous Core and template options to make targetted hacks more difficult;

Security is an admittedly technical subject, but Apocalypse Meow strives to help educate “normal” users about the nature of common web attacks, mitigation techniques, etc. Every option contains detailed explanations and links to external resources with additional information.

Knowledge is power!

We hate complicated licensing!, so have kept ours dead simple. All licenses come with free lifetime updates. Single licenses are valid for use on one domain, while Developer licenses can be used on any number of different projects.

For more information about plugin licensing, please have a look at the FAQ.

Documentation

The Premium Version of the plugin includes additional features such as CLI management, hooks and filters, and the ability to set readonly configurations.

Read-only Settings

Most Apocalypse Meow settings can be hardcoded as PHP constants in wp-config.php. This allows system administrators to set up the plugin without logging in, and also prevents configuration changes from being made by WordPress users (constant-defined options are readonly).

Hooks & Filters

Actions and filters are provided to allow custom themes or plugins to reference or utilize the Apocalypse Meow brute-force protection system.

WP-CLI

GUI is for suckers. The essential system adminy tools of Apocalypse Meow are also available through the command line via WP-CLI.

Changelog

21.2.5
fix Login activity status filter.
21.2.4
fix PHP notice with bcrypt.
fix CLI Spanish formatting.
21.2.3
misc Improve system requirement handling.
21.2.2
fix Click-to-search Community Pool IP in Activity results.
new Note Community Pool bans in Jail sidebar.
misc Performance optimizations.
21.2.1
new Update notice for Must-Use installs.
fix Rerun dbDelta if tables are missing.
misc Suppress PHP Intl warning unless site domain appears to be IDN.
21.2.0
new Registration SPAM protection.
new Password requirement exemption length option.
21.1.4
change Option to require existing users to update weak passwords after login. (This was previously automatic, and is still the default behavior.)
21.1.3
new Bcrypt hashing option.
fix Workaround for stale WP Nonce at login.
change More granular referrer-policy options.
change Update CLI whitelist/blacklist functions to reflect settings changes in 21.1.2.
21.1.2
new Login blacklist.
new Referrer-Policy setting.
new X-Content-Type-Options setting.
new X-Frame-Options setting.
new WP-CLI exports can now be CSV or XLS.
fix CSS fixes for Firefox.
21.1.1
fix Error/warning message after pardon.
21.1.0
misc Update licensing.
21.0.5
new Added support for the PHP extension GMP (BCMath alternative).
fix Improve CSS browser compatibility.
change Increase Community ban times when small.
fix Bug affecting WP-CLI version command.
21.0.4
fix JS workaround for certain edge cases.
21.0.3
change Update domain database.
fix Localization issue.
misc Shrink library size.
21.0.2
misc Clarify Community Pool ban logic.
new Ahora en Español.
21.0.1
fix Fix URL protocols for sites that serve mixed content.
21.0.0
new This is a major new release, re-coded from the ground up for better performance and security, and packed with tons of new features. Enjoy!
new Ability to track user enumeration attempts.
new Community Blocklist integration.
new Premium Version featuring tons of additional tools, CLI access, and more!
change The code has been re-licened under WTFPL.
misc Apocalypse Meow now requires PHP 5.6 or newer.
20.2.0
misc Add an admin notice for users running out-of-support versions of PHP.
misc This will be the last release supporting PHP 5.4+. Future releases will require PHP 5.6+.
20.1.8
new Ability to control access to WP-REST requests.
fix Extend user enumeration protection to API requests.
20.1.7
fix pass-by-reference notice.
20.1.6
fix IPv6 whitelist bug.
20.1.5
new Option to mitigate phishing attempts with rel=noopener.
new Additional common password checks.
misc Admin area improvements.
20.1.4
change Show number of remaining attempts after login failure.
fix Failed login attempts not always expiring.
20.1.3
fix Layering bug that could make the Settings > Save button unclickable.
20.1.2
fix Address PHP notice.
20.1.1
new The plugin has been completely rewritten from the ground up to provide a cleaner interface, faster performance, and additional features.
2.2.0
new Option to disable XML-RPC.
new Option to remove adjacent post meta tags.
new Support plugin configuration via wp-config.php.
2.1.2
change Common password list has been expanded to around 500 entries.
2.1.1
change Tweak nonce error display.
2.1.0
new Option to add Nonce field to the login form.
new Email alerts after login from new location.
2.0.1
fix More robust username retrieval.
2.0.0
fix Forgot password reset enforces password strength rules.
new Don’t allow Top 25 Most Common passwords ever.
change Move database cleanup to WP Cron.
misc Code clean-up.
1.7.0
new Ability to clear unclaimed pardons.
1.6.0
new In honor of Heartbleed, there is now a tool for resetting all user passwords en masse.
1.5.0
new Allow alternate $_SERVER variables for proxy installations (thanks jjfalling).
misc Code clean-up.
1.4.5
new Warn administrators on settings page of potential proxy/intranet-type issues.
fix Only show .htaccess options on Apache servers.
change Use wp_die() for Apocalypse screen.
change Database maintenance on by default.
1.4.4
misc File clean-up.
1.4.3
fix Ensure variables are declared at activation.
1.4.2
fix Replace deprecated $wpdb->escape() with esc_sql().
1.4.1
fix Replaced a couple functions that are deprecated as of PHP 5.5.0.
1.4.0
new Log-in jail page to view currently banned IPs.
new Ability to temporarily pardon a banned IP.
fix Log-in history now displayed in viewer’s timezone.
1.3.6
fix Call-time pass-by-reference warning/error in PHP 5.3+.
1.3.5
change Fail window unit converted minutes.
misc More efficient logging of Apocalypse triggers.
misc Simplified Apocalypse page options.
fix Database upgrade procedure skipped.
1.3.4
change Lowered data retention minimum to 10 days.
new Option to manually clear data.
fix Uninstallation now removes all plugin data/settings.
new Option to disable theme/plugin editor.
change Prevent installation on WPMU blogs.
fix Use $_SERVER instead of getenv() as it is more compatible across server environments.
fix Minor bug fixes.
1.3.3
new Log-in statistics.
change Storing UA string with log-in attempt is now optional (default disabled).
misc Log-in protection settings now hidden if log-in protection is disabled.
misc Database maintenance settings now hidden if maintenance is disabled.
1.3.2
misc Use existing WP CSS for log-in history table.
change Set 403 status header when displaying Apocalypse screen.
1.3.1
misc Compatibility with WP 3.5.
misc All queries now run through $wpdb.
1.3.0
new Ability to rename the default WordPress user to something less .predictable.
fix Minor bug fixes.
1.2.0
new Ability to disable the direct execution of PHP scripts in wp-content/.
change Re-organized the settings page.
1.1.0
new Customizeable page title and content for the Apocalypse page;
new Apocalypse page display logging.
fix Improved timestamp handling.
change Un-embedded kitten graphic for improved support with older browsers.
1.0.0
new Apocalypse Meow is born!