HTTP/1.1 403 Forbidden header on a failed login
by atmosphear · Security
Send an "HTTP/1.1 403 Forbidden" header on a failed login instead of the default "HTTP/1.1 200 OK"
45 health vs 66 average across 445 Security plugins
High removal-risk signals
63/100Maintenance and integrity signals that tend to precede a WordPress.org removal. Not an official status, a heads-up to act.
- Long abandoned. No update in 10+ years — the top precursor to removal once a vulnerability is found.
- Compatibility drift. Tested only up to WordPress 4.4.34, well behind 6.8.
Directory ranking optimization
How it's scored →How well this listing is tuned to rank in WordPress.org search, on the factors an owner controls. Not popularity, optimization.
Under-optimized
Biggest win: Update recency
To rank higher: Last updated 3768 days ago — ship an update; wp.org decays a listing's search weight after ~180 days.
Get the full rank-higher report →Daily downloads
Since 2022-10-05 · 1,381 days · wp.org + Plugin Pulse archive
30-day downloads
Rolling 30-day volume · peaks are release surges
59
now · peak 157
Directory rank vs rivals
wp.org popularity rank over time · higher is better · when a rival's line climbs above yours, they've overtaken you
Downloads per 1k installs · 30d
Engagement proxy · release spikes are signal, a long slide is an aging base
Estimated active installs
wp.org reports only “200+”. The real number sits in this band.
Refined from the date this plugin crossed into its current band.
Install history · since 2022-10-04 · 1,378 observations
Details
Growth timeline
Install-band crossings we have observed, and how long each band took to outgrow
- 2024-06-01 100+ → 200+ up
Competes with
The plugins that solve the same job, ranked by shared tags then reach — closest match first
-
WP fail2ban Add-on for Contact Form 7 800+ installs · 3.6★ · 2 shared tags D -
WP fail2ban Add-on for Gravity Forms 600+ installs · 3.6★ · 2 shared tags D -
Akismet Anti-spam: Spam Protection 6M+ installs · 4.7★ · 1 shared tag A -
Sucuri Security – Auditing, Malware Scanner and Security Hardening 600K+ installs · 4.2★ · 1 shared tag A -
WP Mail Logging 300K+ installs · 4.7★ · 1 shared tag A -
ReCaptcha v2 for Contact Form 7 200K+ installs · 4.8★ · 1 shared tag A
Embed this report card
Drop a live Pulse card for HTTP/1.1 403 Forbidden header on a failed login into a readme, a review or a deck. It updates itself.
<iframe src="https://plugins.wpmayor.com/embed/http11-403-forbidden-header-on-a-failed-login" width="480" height="300" style="border:0" loading="lazy" title="HTTP/1.1 403 Forbidden header on a failed login — Plugin Pulse"></iframe> HTTP/1.1 403 Forbidden header on a failed login: 200+ active installs, 5.0★ (2 reviews). Plugin Pulse (WP Mayor), as of 2026-07-17. https://plugins.wpmayor.com/plugin/http11-403-forbidden-header-on-a-failed-login