Plugin / Apocalypse Meow

Blobfolio, LLC

Description

Apocalypse Meow’s main focus is addressing WordPress security issues related to user accounts and logins. This includes things like:

  • Brute-force login protection;
  • Customizable password strength requirements;
  • XML-RPC access controls;
  • Account access alerts;
  • Searchable access logs (including failed login attempts and temporary bans);
  • User enumeration prevention;
  • Registration SPAM protection;
  • Miscellaneous Core and template options to make targeted hacks more difficult.

Security is an admittedly technical subject, but Apocalypse Meow strives to help educate “normal” users about the nature of common web attacks, mitigation techniques, etc. Every option contains detailed explanations and links to external resources with additional information.

Knowledge is power!

For the less normal among us — system administrators, developers, and other IT professionals — there is also a Premium Version, packed with administrative tools, data visualizations and export functionality, and complete WP-CLI integration for those with nerdier workflows.

Requirements

Due to the advanced nature of some of the plugin features, there are a few additional server requirements beyond what WordPress itself requires:

  • WordPress 4.4+.
  • PHP 7.1 or later.
  • PHP extensions: (bcmath or gmp), date, filter, json, pcre.
  • CREATE and DROP MySQL grants.
  • Single-site Installs (i.e. Multi-Site is not supported).

Please note: it is not safe to run WordPress atop a version of PHP that has reached its End of Life. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂

Premium Version

Apocalypse Meow’s proactive security hardening and attack mitigation features are completely free, and always will be.

The Premium Version is intended for IT professionals like system administrators and developers, who require more control over the data and workflow.

This version comes with a bunch of advanced tools, offering the ability to:

  • Reset passwords site-wide (with or without email notifications);
  • Detect and revoke old passwords hashed with MD5;
  • Rename the dangerous default “admin” and “administrator” usernames;
  • View and revoke individual user sessions;
  • Export login data in CSV format;
  • Backup and restore plugin settings;
  • Access hooks and filters to interact with the brute-force login operations;
  • Run operations and view data through WP-CLI.

To learn more, visit blobfolio.com.

Log Monitoring

Some robots are so dumb they’ll continue trying to submit credentials even after the login form is replaced, wasting system resources and clogging up the log-in history table. One way to mitigate this is to use a server-side log-monitoring program like Fail2Ban or OSSEC to ban users via the firewall.

Apocalypse Meow produces a 403 error when a banned user requests the login form. Your log-monitoring rule should therefore look for repeated 403 responses to wp-login.php. Additionally, some robots are unable to follow redirects; if your login form requires SSL, you should also ban repeated 301/302 responses to catch those fools.

If you have enabled user enumeration protection with the die() option, requests for ?author=X will produce a 400 response code which can be similarly tracked.
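
The rule described above, sketched as an added example (not part of the plugin or its documentation): it scans constructed access-log lines in an assumed Combined Log Format and lists the IPs a log monitor would hand to the firewall. The threshold, time window, and function names are assumptions; redirect counting is opt-in because a successful login also answers with a 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Combined Log Format: ip - user [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
LOGIN = re.compile(r'^/wp-login\.php(?:\?|$)')
AUTHOR = re.compile(r'[?&]author=\d+')

def is_strike(path, status, count_redirects=False):
    if LOGIN.match(path):
        if status == 403:                      # banned client asked for the form
            return True
        if count_redirects and status in (301, 302):
            return True                        # client that cannot follow the SSL redirect
    return status == 400 and bool(AUTHOR.search(path))  # enumeration + die() option

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10),
                   count_redirects=False):
    """Return IPs with max_retry strikes inside find_time, in order of detection."""
    recent, offenders = defaultdict(deque), []
    for line in lines:
        m = LINE.match(line)
        if not m or not is_strike(m['path'], int(m['status']), count_redirects):
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        hits = recent[m['ip']]
        hits.append(ts)
        while ts - hits[0] > find_time:        # drop strikes older than the window
            hits.popleft()
        if len(hits) >= max_retry and m['ip'] not in offenders:
            offenders.append(m['ip'])
    return offenders

def _line(ip, hms, request, status):           # builds one constructed log line
    return f'{ip} - - [12/Mar/2020:{hms} +0000] "{request} HTTP/1.1" {status} 0 "-" "-"'

# Constructed sample traffic (documentation IP ranges), not real log data.
SAMPLE = (
    [_line('203.0.113.7', f'10:00:0{i}', 'POST /wp-login.php', 403) for i in range(3)]
    + [_line('198.51.100.9', '10:01:00', 'POST /wp-login.php', 302)]   # normal login
    + [_line('192.0.2.44', f'10:02:0{i}', f'GET /?author={i + 1}', 400) for i in range(3)]
    + [_line('203.0.113.80', f'10:03:0{i}', 'GET /wp-login.php', 301) for i in range(3)]
    + [_line('198.51.100.23', t, 'POST /wp-login.php', 403)            # too spread out
       for t in ('10:04:00', '10:04:05', '10:30:00')]
)
```

Calling `find_offenders(SAMPLE)` flags the 403 and 400 repeaters only; passing `count_redirects=True` additionally flags the client stuck on 301 responses while leaving the single successful login alone.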

Privacy Policy

When active, this plugin retains security logs of every sign-in attempt made to the CMS backend. This information — including the end user’s public IP address, username, and the status of his or her attempt — is used to help prevent unauthorized system access and maintain Quality of Service for all site visitors.

This information resides fully on the hosting web site and is not shared with any third parties unless the Community Pool feature is enabled, in which case any IP addresses responsible for attacks against your web site are periodically shared with Blobfolio, LLC, the maintainer of the centralized database. If any of those IP addresses are subsequently identified by multiple, independent sources, they will be published to a public blocklist (hosted by Blobfolio).

Data retention is entirely up to the site operator, but by default old records are automatically removed after 90 days.

Please note: Apocalypse Meow DOES NOT integrate with any WordPress GDPR “Personal Data” features. (Selective erasure of audit logs would undermine the security mechanisms provided by this plugin. Haha.)

Details

  • Rating: 5 (19 reviews)
  • Version: 21.6.2
  • First released: 11 Nov, 2012
  • Total downloads: 44,635
  • WordPress version: 4.4 or higher
  • Tested up to: 5.3
  • Required PHP version: 7.1 or higher
  • Languages: The plugin hasn't been translated into any language other than English.
