Admin Safety Guard
Admin Safety Guard is a powerful yet lightweight WordPress security plugin that protects your login page and admin dashboard from hackers, bots, and brute-force attacks. It is built for anyone — from first-time bloggers to experienced developers — with a clean interface, clear settings, and features that work from the moment you activate it. WordPress is the most popular website platform in the world, which also makes it the most targeted. Every day, thousands of automated bots scan WordPress sites looking for weak passwords, exposed login pages, and unpatched vulnerabilities. Admin Safety Guard closes those doors quickly and reliably, without slowing down your site or requiring any technical expertise. Why WordPress Sites Get Hacked — And How Admin Safety Guard Stops It Most successful WordPress attacks follow the same pattern: A bot finds your login page at the default wp-login.php address. It tries thousands of username and password combinations (brute-force attack). Once inside, it installs malware, steals data, or takes over your site. Admin Safety Guard blocks every step of this attack chain — for free. Free Features Limit Login Attempts (Active by Default) Automatically block any IP address that fails too many login attempts. You control the number of allowed attempts, the lockout duration, and the message shown to blocked users. Brute-force attacks become impossible when attackers are locked out after 3 failed tries. Login Limit Attempts is the only feature enabled by default on fresh install, so your site is protected the moment you activate the plugin. Custom Login URL Move your login page away from the default wp-login.php address. Bots and automated scanners will never find your login page because it simply does not exist at the expected location. You can set any slug you like, and the plugin handles redirect rules automatically. You can also set a custom redirect URL for after login and after logout. Two-Factor Authentication (2FA) via Email OTP After a user enters their correct password, a one-time passcode (OTP) is sent to their email address. They must enter that code to complete the login. Even if a hacker steals a password, they cannot get in without also accessing the user’s email inbox. You can customise the OTP email subject and body to match your brand. Google reCAPTCHA (v2 & v3) Add Google reCAPTCHA to your login form to block automated bots in real time. Both reCAPTCHA v2 (the familiar checkbox) and v3 (invisible, score-based) are supported. Simply enter your site key and secret key from Google, choose your version, and reCAPTCHA will handle the rest silently in the background. IP Blocking Manually block specific IP addresses from accessing your login page entirely. If you notice a suspicious IP in your activity log or receive repeated failed login alerts, add that IP to the block list and it will be turned away immediately. Perfect for stopping known bad actors before they become a problem. Login Logs & Activity Tracking See exactly who is logging in to your site and when. The activity dashboard shows successful logins, failed login attempts, IP addresses, user agents, and timestamps in a clear, searchable table. You will always know if something unusual is happening on your site, and you have the evidence to act on it. Security Analytics Dashboard The built-in analytics dashboard gives you a real-time overview of your site’s security health. It shows your overall Security Score (based on how many features you have enabled), recent login activity, failed login trends, and a breakdown of which security features are active versus inactive. It is the first page you see when you open the plugin, giving you immediate situational awareness. Hide Admin Bar (by Role) Choose which user roles see the WordPress admin bar on the front end of your site. For example, you can hide the admin bar from subscribers and customers while keeping it visible for editors and administrators. This reduces information leakage and gives non-admin users a cleaner experience. Password Protection (Site-Wide) Lock your entire website behind a password. Visitors must enter the correct password before they can view any content. This is ideal for staging sites, coming-soon pages, client previews, or any situation where you want to restrict public access temporarily. You can set the access duration and exclude specific user roles from the password requirement. Privacy Hardening — Disable XML-RPC The WordPress XML-RPC interface is a common target for brute-force and DDoS amplification attacks. With one toggle, you can disable it completely. Unless you rely on XML-RPC for mobile app publishing or specific third-party integrations, disabling it is a safe and recommended step for almost every WordPress site. Login Page Customisation & Branding Replace the default WordPress logo on the login page with your own logo. Set the logo width, height, and URL. Choose from pre-built login page templates to give your login form a professional, branded appearance. This is especially useful for agencies delivering client sites and for anyone who wants a polished, consistent look. Firewall & Malware Overview The Firewall & Malware section gives you a central view of your site’s firewall and malware protection status. It shows all related features in one place so you can see what is active and what still needs attention, making it easy to build up your security layer by layer. Pro Features Admin Safety Guard Pro extends the plugin with advanced security tools designed for agencies, developers, and high-traffic sites. Passwordless Login (Magic Links) Let users log in with a secure, one-time link sent to their email — no password needed. Magic links expire after a single use, making them more secure than passwords for many workflows. 2FA via Mobile Authenticator App Add Google Authenticator or Authy-compatible two-factor authentication to your login flow. Users scan a QR code once, then generate time-based OTP codes from their phone app. This is the same method used by banks and enterprise software. Social Login Allow users to log in with their existing Google, Facebook, or other social media accounts. Reduce friction at sign-up and login, while keeping full control over which providers are allowed. Database Table Prefix Check The default WordPress database prefix wp_ is well-known to attackers and makes SQL injection easier. This Pro tool detects your current prefix and guides you through changing it to a unique, random value to close that vulnerability. Strong Password Enforcement Set a minimum password strength policy for your users. When they update their password, it must meet your requirements — rejecting weak, guessable passwords before they become a security risk. Advanced Firewall & Malware Scanner Scan your WordPress files and database for known malware signatures, suspicious code injections, and modified core files. Get alerts when threats are detected and take action directly from the plugin dashboard. Upgrade to Pro to unlock all Pro features. Who Is Admin Safety Guard For? Bloggers & Content Creators You focus on writing — not on managing server security. Admin Safety Guard protects your login page and admin area quietly in the background with zero ongoing maintenance required. Small Business Owners Your website is your business. A hack can bring it down, damage your reputation, and cost you money. Admin Safety Guard gives you enterprise-level login protection without the enterprise price tag. WooCommerce Store Owners An online store holds customer data, payment details, and order history. Limit login attempts, add 2FA, and lock down your admin area so only you and your trusted team can get in. Freelancers & Web Designers Deliver more secure sites to clients out of the box. Customise the login page with the client’s branding, lock down the admin bar by role, and hand over a professional, secure WordPress installation every time. Agencies & Development Teams Manage security across multiple client sites with a consistent, repeatable setup. All features are toggle-based and clearly documented, making it easy to onboard new team members and maintain a security standard across your portfolio. Developers & Site Administrators Fine-tune every setting — login attempt limits, lockout durations, OTP email templates, reCAPTCHA version, redirect URLs, IP block lists, and more. Admin Safety Guard is built on WordPress hooks and filters, so it plays well with the rest of your stack. What Makes Admin Safety Guard Different? Lightweight by design. Assets are loaded only on the pages that need them. The plugin has no impact on your site’s front-end load time. No configuration required to get started. Limit Login Attempts is enabled automatically on install. Your site is more secure the moment you activate the plugin. All features are clearly labelled Free or Pro. You can see exactly what is available and what requires the Pro version before making any decisions. Clean, modern dashboard. The settings UI is built with React for a fast, app-like experience. Finding and configuring features takes seconds, not minutes. Built to WordPress standards. Every input is sanitised, every output is escaped, all AJAX requests use nonce verification, and every database query uses prepared statements. Support For any issues, questions, or feature requests, please reach out via Support. External Services This plugin uses the following third-party and external services: 1) Google reCAPTCHA (Google LLC) Purpose: Used to protect forms from spam and automated abuse. When it is used: – When reCAPTCHA is enabled in plugin settings – On login forms and support forms protected by reCAPTCHA What data is sent: – User IP address – reCAPTCHA response token generated by Google – Browser information as required by Google reCAPTCHA Service provider: Google LLC Terms of Service: https://policies.google.com/terms Privacy Policy: https://policies.google.com/privacy 2) ThemePaste API (Plugin Author Service) Purpose: Used for: – Collecting optional admin email addresses for plugin updates and notifications – Sending support requests from the plugin support form – Collecting optional feedback when a user attempts to deactivate the plugin – Managing plugin-related notifications (only if the user provides contact details) When it is used: – When a user submits the built-in support form – When a user opts to send diagnostic information – Submitting the optional deactivation feedback form What data is sent: – Name – Email address – Phone number (if provided) – Message content – Site URL – Plugin name – Feedback text (if provided) – Support message content – Deactivation reason (if provided) No data is sent without user action. Service provider: ThemePaste.com Terms of Service: https://themepaste.com/terms-condition Privacy Policy: https://themepaste.com/privacy-policy Development / Source Code This plugin includes compiled JavaScript bundles in: – assets/admin/build/*.bundle.js The original (human-readable) source files are included in this plugin under: – spa/admin/ Build Tools – Node.js (LTS recommended) – npm – Webpack + Babel Source Entry Points The admin SPA bundles are built from the following entry points: spa/admin/login-template/Main.jsx -> assets/admin/build/loginTemplate.bundle.js spa/admin/login-logs-activity/Main.jsx -> assets/admin/build/loginLogActivity.bundle.js spa/admin/analytics/Main.jsx -> assets/admin/build/analytics.bundle.js spa/admin/security-core/Main.jsx -> assets/admin/build/securityCore.bundle.js spa/admin/firewall-malware/Main.jsx -> assets/admin/build/firewallMalware.bundle.js spa/admin/privacy-hardening/Main.jsx -> assets/admin/build/privacyHardening.bundle.js spa/admin/monitoring-analytics/Main.jsx -> assets/admin/build/monitoringAnalytics.bundle.js Install Dependencies From the plugin root directory (or the directory where package.json exists): 1) Install dependencies: npm install Build (Production) To generate the production bundles: npm run build Output Location Webpack outputs the compiled bundles to: assets/admin/build/[name].bundle.js Important Notes – Do not edit files in assets/admin/build/ directly. They are generated files. – Edit the source files under spa/admin/ and re-run the build command. – For WordPress.org distribution, production builds should be used (mode=production). Links Website Documentation Pro Version Facebook Pinterest LinkedIn Instagram
Top keywords
- admin38×1.98%
- login33×1.72%
- build15×0.78%
- wordpress15×0.78%
- site14×0.73%
- google12×0.62%
- admin build11×0.57%
- assets11×0.57%
- page11×0.57%
- password11×0.57%
- security11×0.57%
- user11×0.57%
All In One Login
📢 A Pro version Lifetime Deal is available ⏰ Documentation | Features Looking for a one-stop solution to protect and customize your WordPress login page (wp-admin)? If that’s what you need, then Download All in One Login Plugin NOW] Over 60,000 website owners already use All in One Login for their WordPress login security and customization. 🎉 And the reason for that is obvious! 👇 AIO Login is a top-notch WordPress admin security plugin that empowers you to secure and customize the WordPress wp-admin login page. Which means it offers robust security features and extensive customization options. 🤯 So, if you really want to level up your WordPress login security, then AIO Login is a must-have plugin. 💯 From changing the WP-Admin URL to integrating Google reCAPTCHA, AIO Login provides everything you need to secure and customize your WordPress login page. Isn’t that amazing? Wait until you see its features❕ 😃 🚀 Key Features Our Users 🤍 About All In One Login The All in One Login plugin includes all the essential features that ensure the best WordPress login protection and customization. Let’s explore some of its key features: 👇 ✔️ Change WP-Admin URL Secure your site by changing the default WP-Admin URL. Hide the WordPress login page from hackers and prevent unauthorized access with a simple custom login URL. ✔️ Google reCAPTCHA Protect your WordPress login page from spam and bots. Add Google reCAPTCHA v2 or v3 to your WP-Admin for secure authentication and reduce automated login attempts. ✔️ Limit Login Attempts Prevent brute-force attacks by limiting failed login attempts. Lock out users after multiple failures and safeguard your WP-Admin with this WordPress limit login attempts plugin. ✔️ Login Redirection [Free + Pro] Control where users are redirected after login and logout by creating custom redirection rules for all users, user roles, or specific users. ✔️ Login Page Customizer Transform your WordPress login page with live preview customization. Change logos, colors, backgrounds, and layouts without coding. ✔️ User Enumeration [Free + Pro] Block attackers from discovering WordPress usernames through author or query string requests. This prevents exposure of valid usernames and strengthens login security against brute-force attacks. ✔️ Disable Common Usernames [Pro] Block weak or predictable usernames to improve WordPress login security. Force unique usernames and prevent attackers from exploiting common entries on your WordPress site. ✔️ Password Strength Checker [Pro] Enforce strong passwords for WordPress users. Set minimum length, character rules, and uppercase/lowercase requirements to ensure secure credentials and prevent unauthorized WP-Admin access. ✔️ Ban User/IP Address [Pro] Block unwanted users or IP addresses instantly. Restrict access to your WordPress login page and protect WP-Admin from hackers using this IP and user ban plugin. ✔️ App-Based 2FA [Pro] Add two-factor authentication to WordPress login. Enhance security for WP-Admin and ensure only authorized users can access your site. ✔️ Temporary Login URLs (Passwordless Login) [Pro] Give passwordless login access to any specific user by generating temporary login URLs. Control the number of visits and expiration to grant a short-term login without compromising WordPress site security. ✔️ Whitelist IP Addresses [Pro] Allow only trusted IP addresses to access your WordPress login page. Restrict WP-Admin access to selected users, adding an extra security layer to your site. ✔️ Social Login Integration [Pro] Enable users to log in with Google, Facebook, Microsoft, or LINE. Simplify WordPress and WooCommerce registration while improving security and user experience. ✔️ hCaptcha [Pro] Protect your WordPress login page from bots and spam with a privacy-first alternative. hCaptcha delivers robust, enterprise-grade bot protection while keeping user data secure (GDPR/CCPA compliant) and offering a faster, more human-friendly verification experience for real users ✔️ Google Fonts Integration [Pro] Access 1,900+ Google Fonts to match your login page typography with your brand identity. Customize fonts across all login elements. ✔️ Email-Based 2FA [Pro] Add an extra security layer with email one-time passwords (OTP). Users receive a 6-digit verification code via email during login, no authenticator app required. ✔️ 2FA Backup Codes & Grace Period [Pro] Never get locked out! Generate one-time backup codes and set grace periods for smooth 2FA rollout across your user base. ✔️ Slack Security Notifications [Pro] Get real-time WordPress security alerts directly in your Slack workspace. Monitor failed logins, IP lockouts, and suspicious activity instantly. ✔️ Webhook Notifications [Pro] Integrate with Zapier, Make, n8n, or custom APIs. Send security events to any HTTPS endpoint for advanced automation and monitoring. ✔️ Login Templates [Free + Pro] Choose from multiple professionally designed login page templates. Apply modern, minimalist, or professional designs instantly. ✔️ Google Fonts Integration [Pro] Access 1,900+ Google Fonts to match your login page typography with your brand identity. Customize fonts across all login elements. ✔️ WooCommerce Login Integration [Pro] Allow customers to log in with social accounts on WooCommerce checkout and account pages. Enhance login security and user experience with Google, Facebook, Apple, Discord, Microsoft, or LINE. Don’t Miss Out on Social Login Integrations All in One Login supports social integrations with leading platforms, making sign-in faster, easier, and more secure. Google Social Login [Pro] Let users log in with one of the most widely used authentication methods worldwide. By enabling Google login, you reduce friction for users, making registration easier. Facebook Social Login [Pro] With billions of users globally, Facebook login is a familiar and trusted option for social logins. Allowing users to sign in with Facebook means faster onboarding and less abandonment at registration. Microsoft Social Login [Pro] Perfect for business and education-focused websites, Microsoft login provides secure authentication. It aligns with the tools professionals already use every day. GitHub Social Login [Pro] Let developers and tech professionals log in instantly with their GitHub accounts. Perfect for developer communities and tech-focused websites. Apple Social Login [Pro] Offer privacy-first authentication with Sign in with Apple. iOS and macOS users can protect their email privacy while enjoying seamless login experiences. Discord Social Login [Pro] Enable 150+ million Discord users, gaming communities, and Discord servers to log in with one click. Ideal for community-driven websites and creator platforms. LINE Social Login [Pro] LINE has around 184 monthly active users worldwide, which is a great option for websites targeting international audiences. 10 Key Reasons to Choose All In One Login for WP Login Security and Customization 😎 ⚡ Reason #1: Greater Security for Your WP-Admin AIO Login provides robust security features to protect your WP Admin page. Change WP-Admin URL: Customize the WordPress default login path. Ban User/IP Address: Block unauthorized access instantly. Detailed Activity Logs: Monitor all login attempts Limit Login Attempts: Prevent brute force attacks.. Whitelist IP Addresses: Restrict access to trusted IPs. ⚡ Reason #2: Complete Login Page Branding & Customization Create a professional, branded login experience that matches your website identity. Live Preview Customizer: See changes in real-time without coding. 9 Pre-Built Templates: Choose from modern, dark, glass, and corporate designs (2 free + 7 pro). Logo & Branding: Upload custom logos, set dimensions, and configure click behavior. Background Customization: Set desktop and mobile backgrounds with full control. Google Fonts Library: Access 1,900+ fonts for perfect typography. Form Styling: Customize colors, borders, shadows, spacing, and button designs Custom CSS: Add advanced styling with built-in code editor Favicon & Tab Title: Brand the browser tab for complete consistency ⚡ Reason #3: Brute Force Protection Protect your WordPress login page (wp-admin) from brute force attacks. Failed Login Limits: Set limits on login attempts. User Lockout: Lock out users after failed attempts. Custom Lockout Settings: Customize lockout duration. Prevent Unauthorized Access: Secure your WP Admin. Real-time Monitoring: Track login attempts and threats. ⚡ Reason #4: Spam Prevention and User Verification Prevent spam and unauthorized logins with Google reCAPTCHA integration. reCAPTCHA Integration: Add an extra layer of security. Customizable Settings: Choose between v2 and v3. Bot Prevention: Keep your login page spam-free. User Verification: Ensure only legitimate users access your site. User Enumeration: Prevent your usernames & ID’s from millicious attacks. Enhanced Security: Protect against automated attacks. ⚡ Reason #5: Comprehensive Activity Monitoring Monitor all login activities for enhanced WordPress login security. See the username, IP address, date, time, lockout list, and more. IP Address Ban: Block specific IPs. User Ban: Prevent specific users from logging in. Custom Messages: Display messages for banned users. Enhanced Control: Manage who can access your site. Immediate Action: Take action against threats swiftly. ⚡ Reason #6: Immediate Blocking of Suspicious Users Block suspicious users instantly to prevent unauthorized access to your WordPress login page and set a custom message on display for banned users. Real-time Logs: Track login attempts in real time. User Activity: Monitor user activities. IP Address Tracking: Review IP addresses. Failed Login Attempts: Get details on failed attempts. Security Audits: Conduct thorough security audits. ⚡ Reason #7: Advanced Two-Factor Authentication (2FA) Add multiple layers of security with flexible 2FA options tailored to your needs. Email OTP Authentication: Send 6-digit verification codes via email—no app required Authenticator App Support: Compatible with Google Authenticator, Microsoft Authenticator, and Authy Backup Codes: Generate one-time use codes for emergency access Grace Period: Give users time to configure 2FA before enforcement Remember Trusted Devices: Skip 2FA on recognized devices for 7-90 days Role-Based Enforcement: Apply 2FA to specific user roles or all users Force Session Logout: Terminate all active sessions when 2FA settings change ⚡ Reason #8: Simplified Access with Social Login Make logging in easier by allowing users to sign in with their existing social accounts. Multiple Platforms Supported: Google, Facebook, LinkedIn, and Microsoft. Faster Onboarding: Reduce friction during registration and login. Improved User Experience: No need to remember another password. Lower Abandonment Rates: Minimize drop-offs at sign-in. Seamless Integration: Works smoothly with your WordPress site. ⚡ Reason #9: Real-Time Security Notifications & Alerts Stay informed about security events with instant notifications to your favorite tools. Slack Integration: Get security alerts directly in your Slack workspace Webhook Support:Send events to Zapier, Make, n8n, or custom APIs Failed Login Alerts: Monitor every unsuccessful login attempt IP Lockout Notifications: Get notified when IPs are blocked User Enumeration Detection: Track username discovery attempts Custom Event Triggers: Choose which events send notifications JSON Format: Structured data for easy integration and automation ⚡ Reason #10: Create Personalized Login Experiences Control where users are redirected after login or logout to deliver a more streamlined and personalized user experience. Login Redirects: Send users to custom pages immediately after login. Logout Redirects:Redirect users to specific destinations after logout. Role-Based Rules: Create unique destinations for different user roles. User-Specific Redirects: Configure redirects for individual users. Fallback Protection: Ensure users always reach a valid destination, even if a target URL becomes unavailable. Try Our Other Awesome WordPress Plugins Gutena Forms: Create modern, responsive contact forms directly in the Gutenberg block editor. Add advanced fields, protect against spam with reCAPTCHA and Cloudflare Turnstile, manage form entries, and more. Password Protected: Secure your WordPress site, posts, pages, and categories with simple password protection. WP EasyPay: Accept Square payments and donations easily on your WordPress site. WC Shop Sync: Add Square payments and sync WooCommerce products, customers, and orders with your Square POS. Advanced File Manager: Easily manage and organize your WordPress files directly from the dashboard. Post SMTP: Easily configure and manage WordPress email delivery with reliable SMTP and detailed email logs directly from your dashboard. CF7 Apps: Add honeypot, hCaptcha, and database entries to Contact Form 7. New extensions are continuously added. myCred: Add gamification, rewards, ranks, badges, and points management systems to your WordPress website. New User Approve: Control user registrations by manually approving or denying new signups. Bookify: Your go-to online bookings and appointment scheduling plugin for WordPress. WPExperts WooCommerce Store: Explore premium WooCommerce plugins and professional solutions by WPExperts.== Requirements == Technical Documentation Click here to access our detailed, step-by-step technical documentation for complete security of your WordPress login page (wp-admin). Need Help? Get Expert Assistance Having trouble securing or customizing your WordPress login page (WP-Admin URL)? Don’t worry, our expert support team is here to help! 🤝 Our dedicated support team is here to guide you through any issues, answer your questions, and assist you in using the plugin to its full potential. 👉 Reach out by opening a support ticket, for fast and reliable help. We’re here for you!