Alphabetical Posts Widget
| Compatibility | WordPress 5.0 +, PHP 7.4 + |
|---|---|
| Prerequisites | WordPress 5.0 + |
From £0.00
NO RISK - 14 day money back guarantee
KEY FEATURES
Brute-force protection
IP safe-lists & blacklists
Real-time logging
GDPR-compliant
The Benefits of Using HackBlocker
REDUCE BRUTE-FORCE ATTACKS
Automated blocking dramatically cuts down on repeated login attempts from malicious actors.
PREVENT USERNAME ENUMERATION
GAIN VISIBILITY
Detailed logs give you clear insights into who’s trying (and succeeding) to log in, so you can spot patterns and adjust your security policies.
MINIMISE ADMINISTRATIVE OVERHEAD
All management happens in your existing WordPress dashboard—no need for server-level tools or custom scripts.
FAST SETUP
14-DAY MONEY BACK GUARANTEE
Give it a try and if it’s not for you, we’ll refund your purchase. T&Cs apply.
FREE vs PRO
FREE
No License Required- Change widget title.
- Set number of items shown.
- Alphabetical list by Title (A–Z or Z–A).
- Works with any post type (posts, pages, products, CPTs).
- Order-by options: Title, Menu Order, Date, Last Modified.
- Filter by up to three taxonomy groups (AND logic).
- Optional category/taxonomy dropdown filter (front-end, auto-populates from taxonomy terms).
- Include or exclude specific post IDs.
- Optional date display with custom format.
- Optional excerpt display with configurable word length.
- Widget for Appearance → Widgets.
- Shortcode for use in pages, posts, or Divi Code Modules.
PRO
ANNUAL LICENSE- Change widget title.
- Set number of items shown.
- Alphabetical list by Title (A–Z or Z–A).
- Works with any post type (posts, pages, products, CPTs).
- Order-by options: Title, Menu Order, Date, Last Modified.
- Filter by up to three taxonomy groups (AND logic).
- Optional category/taxonomy dropdown filter (front-end, auto-populates from taxonomy terms).
- Include or exclude specific post IDs.
- Optional date display with custom format.
- Optional excerpt display with configurable word length.
- Widget for Appearance → Widgets.
- Shortcode for use in pages, posts, or Divi Code Modules.
How HackBlocker Works
- Login Attempt: A user submits credentials via wp-login.php.
- Non-existent Username Check: If the username isn’t in the database (and not on your safe-list), HackBlocker logs the attempt and bans the username and IP.
- Safe-List Bypass: Administrators and trusted IPs bypass blocking logic to avoid lockouts.
- Logging: Every blocked attempt and every successful login is recorded with username, IP, and timestamp.
- Dashboard Controls: Review logs, clear entries, and unblock IPs as needed – all from the HackBlocker admin menu.
FAQ
Does HackBlocker work with WordPress Multisite?
Unfortunately, HackBlocker is designed for single-site WordPress installations only. It cannot be network-activated across a Multisite (network) setup. If you wish to protect multiple subsites, you’ll need to install and activate HackBlocker individually on each one.
We’re exploring full Multisite support in a future release – if this is critical for your workflow, please get in touch so we can discuss timelines and potential workarounds.
How do I renew my licence?
You’ll receive an email reminder 30 days before your licence expires, with a renewal link. Simply follow that link to renew for another year at your current rate. If you miss the reminder, you can also log in to your account dashboard on apps-and-plugins.co.uk and click Renew Licence next to HackBlocker.
What types of attacks does HackBlocker protect against?
HackBlocker guards against:
- Brute-force login attempts (rapid username/password guessing)
- XML-RPC pingbacks (common WordPress attack vector)
- Invalid username probes (stops bots trying default/weak usernames)
All blocked attempts are logged for your review.
What is the lockout threshold for failed login attempts and non-existent usernames?
HackBlocker enforces a strict one-strike policy: any failed login – whether an incorrect password for a valid account or an attempt with a non-existent username – will immediately block that IP address. All blocked attempts (including the attempted username, IP and timestamp) are kept in a rolling log of your 100 most recent entries under Tools → HackBlocker Logs.
Why block on first failure (including bogus usernames)?
This approach not only stops brute-force attacks dead in their tracks but also prevents “username enumeration” tactics – where attackers probe your site for valid account names. By cutting off all failed attempts instantly, you significantly reduce malicious traffic and preserve server resources.
Will HackBlocker impact my site’s performance?
HackBlocker is built for efficiency: all security checks run at the PHP level with no external API calls, and there’s no extra database overhead beyond logging. In our internal tests on a typical WordPress installation, we observed no noticeable impact on page-load times. Of course, actual performance can vary depending on your hosting environment, theme and other active plugins – but in almost every case, HackBlocker runs completely transparently.
How do I view blocked attempt logs?
All blocked login attempts are recorded in Tools → HackBlocker in your WordPress dashboard. There you can scroll through the most recent 100 entries, each showing timestamp, IP and attempted username
Single-Site Licence – FREE
FREE
No License Required
Single-Site Licence – PRO
£29
+VAT
Annually
THREE-Site- Licence – PRO
£49
+VAT
Annually
TEN-Site- Licence – PRO
£99
+VAT