{"id":293776,"date":"2026-04-10T12:52:00","date_gmt":"2026-04-10T12:52:00","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/gatorio\/"},"modified":"2026-04-10T12:51:37","modified_gmt":"2026-04-10T12:51:37","slug":"gatorio","status":"publish","type":"plugin","link":"https:\/\/frp.wordpress.org\/plugins\/gatorio\/","author":23469585,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1","stable_tag":"1.1","tested":"6.9.4","requires":"6.0","requires_php":"8.0","requires_plugins":null,"header_name":"Gatorio","header_author":"Sichtelement | Design","header_description":"Lightweight brute-force protection for WordPress login.","assets_banners_color":"1a0709","last_updated":"2026-04-10 12:51:37","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/gatorio.io","header_author_uri":"https:\/\/sichtelement.design","rating":0,"author_block_rating":0,"active_installs":0,"downloads":33,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1":{"tag":"1.1","author":"sichtelement","date":"2026-04-10 12:51:37"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3503310,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3503310,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3503310,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3503310,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,602,15756,600],"plugin_category":[38,54],"plugin_contributors":[259908],"plugin_business_model":[],"class_list":["post-293776","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-login","plugin_tags-login-protection","plugin_tags-security","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-sichtelement","plugin_committers-sichtelement"],"banners":{"banner":"https:\/\/ps.w.org\/gatorio\/assets\/banner-772x250.png?rev=3503310","banner_2x":"https:\/\/ps.w.org\/gatorio\/assets\/banner-1544x500.png?rev=3503310","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/gatorio\/assets\/icon-128x128.png?rev=3503310","icon_2x":"https:\/\/ps.w.org\/gatorio\/assets\/icon-256x256.png?rev=3503310","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Gatorio is a minimal WordPress security plugin that protects login endpoints against brute-force attacks.<\/p>\n\n<p>The plugin follows a strict privacy-first and KISS (keep it simple) philosophy.<\/p>\n\n<p>No dashboards.\nNo tracking.\nNo unnecessary complexity.<\/p>\n\n<p>Just effective login protection.<\/p>\n\n<p>Unlike many plugins, Gatorio blocks login attempts before authentication begins.<br \/>\nThis prevents bypasses caused by plugins that override the default WordPress login flow.<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li>Brute-force protection<\/li>\n<li>Login attempt limiter<\/li>\n<li>Temporary lockout<\/li>\n<li>Pre-authentication request blocking (init hook)<\/li>\n<li>Works with WordPress, WooCommerce and custom login forms<\/li>\n<li>Login delay (bot mitigation)<\/li>\n<li>Generic login errors (no information leakage)<\/li>\n<li>XML-RPC protection<\/li>\n<li>Username enumeration protection (REST API)<\/li>\n<li>IP hashing (privacy-friendly, no raw IP storage)<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin<\/li>\n<li>Protection starts automatically<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20the%20plugin%20store%20ip%20addresses%3F\"><h3>Does the plugin store IP addresses?<\/h3><\/dt>\n<dd><p>No. Gatorio hashes IP addresses using SHA-256 and does not store raw IPs.<\/p><\/dd>\n<dt id=\"does%20it%20require%20configuration%3F\"><h3>Does it require configuration?<\/h3><\/dt>\n<dd><p>No. The plugin works automatically without setup.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20woocommerce%20or%20custom%20login%20forms%3F\"><h3>Does it work with WooCommerce or custom login forms?<\/h3><\/dt>\n<dd><p>Yes. Gatorio blocks login attempts at request level, independent of the authentication system.<\/p><\/dd>\n<dt id=\"does%20it%20slow%20down%20the%20login%3F\"><h3>Does it slow down the login?<\/h3><\/dt>\n<dd><p>A minimal delay is applied to slow down automated attacks.<\/p>\n\n<p>Source code: https:\/\/codeberg.org\/Sichtelement\/gatorio<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1<\/h4>\n\n<ul>\n<li>Added translators comment for localized strings with placeholders<\/li>\n<li>Fixed WordPress Plugin Check error (MissingTranslatorsComment)<\/li>\n<li>Added proper handling for nonce verification warnings (via phpcs ignore)<\/li>\n<li>Improved compatibility with WordPress and external login flows<\/li>\n<li>Minor security and code consistency improvements<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Added pre-authentication request blocking via init hook<\/li>\n<li>Implemented universal login detection (WordPress, WooCommerce, custom forms)<\/li>\n<li>Fixed brute-force bypass caused by plugin-based authentication overrides<\/li>\n<li>Improved reliability across different login systems<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Added session-level lockout fallback via init<\/li>\n<li>Improved compatibility with external authentication flows<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Adjusted authenticate hook priority<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Lockout stability improvements<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release<\/li>\n<\/ul>","raw_excerpt":"Lightweight brute-force protection for the WordPress login.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/293776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=293776"}],"author":[{"embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/sichtelement"}],"wp:attachment":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=293776"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=293776"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=293776"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=293776"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=293776"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=293776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}