Admin Safety Guard
Admin Safety Guard is a powerful yet lightweight WordPress security plugin that protects your login page and admin dashboard from hackers, bots, and brute-force attacks. It is built for anyone — from first-time bloggers to experienced developers — with a clean interface, clear settings, and features that work from the moment you activate it. WordPress is the most popular website platform in the world, which also makes it the most targeted. Every day, thousands of automated bots scan WordPress sites looking for weak passwords, exposed login pages, and unpatched vulnerabilities. Admin Safety Guard closes those doors quickly and reliably, without slowing down your site or requiring any technical expertise. Why WordPress Sites Get Hacked — And How Admin Safety Guard Stops It Most successful WordPress attacks follow the same pattern: A bot finds your login page at the default wp-login.php address. It tries thousands of username and password combinations (brute-force attack). Once inside, it installs malware, steals data, or takes over your site. Admin Safety Guard blocks every step of this attack chain — for free. Free Features Limit Login Attempts (Active by Default) Automatically block any IP address that fails too many login attempts. You control the number of allowed attempts, the lockout duration, and the message shown to blocked users. Brute-force attacks become impossible when attackers are locked out after 3 failed tries. Login Limit Attempts is the only feature enabled by default on fresh install, so your site is protected the moment you activate the plugin. Custom Login URL Move your login page away from the default wp-login.php address. Bots and automated scanners will never find your login page because it simply does not exist at the expected location. You can set any slug you like, and the plugin handles redirect rules automatically. You can also set a custom redirect URL for after login and after logout. Two-Factor Authentication (2FA) via Email OTP After a user enters their correct password, a one-time passcode (OTP) is sent to their email address. They must enter that code to complete the login. Even if a hacker steals a password, they cannot get in without also accessing the user’s email inbox. You can customise the OTP email subject and body to match your brand. Google reCAPTCHA (v2 & v3) Add Google reCAPTCHA to your login form to block automated bots in real time. Both reCAPTCHA v2 (the familiar checkbox) and v3 (invisible, score-based) are supported. Simply enter your site key and secret key from Google, choose your version, and reCAPTCHA will handle the rest silently in the background. IP Blocking Manually block specific IP addresses from accessing your login page entirely. If you notice a suspicious IP in your activity log or receive repeated failed login alerts, add that IP to the block list and it will be turned away immediately. Perfect for stopping known bad actors before they become a problem. Login Logs & Activity Tracking See exactly who is logging in to your site and when. The activity dashboard shows successful logins, failed login attempts, IP addresses, user agents, and timestamps in a clear, searchable table. You will always know if something unusual is happening on your site, and you have the evidence to act on it. Security Analytics Dashboard The built-in analytics dashboard gives you a real-time overview of your site’s security health. It shows your overall Security Score (based on how many features you have enabled), recent login activity, failed login trends, and a breakdown of which security features are active versus inactive. It is the first page you see when you open the plugin, giving you immediate situational awareness. Hide Admin Bar (by Role) Choose which user roles see the WordPress admin bar on the front end of your site. For example, you can hide the admin bar from subscribers and customers while keeping it visible for editors and administrators. This reduces information leakage and gives non-admin users a cleaner experience. Password Protection (Site-Wide) Lock your entire website behind a password. Visitors must enter the correct password before they can view any content. This is ideal for staging sites, coming-soon pages, client previews, or any situation where you want to restrict public access temporarily. You can set the access duration and exclude specific user roles from the password requirement. Privacy Hardening — Disable XML-RPC The WordPress XML-RPC interface is a common target for brute-force and DDoS amplification attacks. With one toggle, you can disable it completely. Unless you rely on XML-RPC for mobile app publishing or specific third-party integrations, disabling it is a safe and recommended step for almost every WordPress site. Login Page Customisation & Branding Replace the default WordPress logo on the login page with your own logo. Set the logo width, height, and URL. Choose from pre-built login page templates to give your login form a professional, branded appearance. This is especially useful for agencies delivering client sites and for anyone who wants a polished, consistent look. Firewall & Malware Overview The Firewall & Malware section gives you a central view of your site’s firewall and malware protection status. It shows all related features in one place so you can see what is active and what still needs attention, making it easy to build up your security layer by layer. Pro Features Admin Safety Guard Pro extends the plugin with advanced security tools designed for agencies, developers, and high-traffic sites. Passwordless Login (Magic Links) Let users log in with a secure, one-time link sent to their email — no password needed. Magic links expire after a single use, making them more secure than passwords for many workflows. 2FA via Mobile Authenticator App Add Google Authenticator or Authy-compatible two-factor authentication to your login flow. Users scan a QR code once, then generate time-based OTP codes from their phone app. This is the same method used by banks and enterprise software. Social Login Allow users to log in with their existing Google, Facebook, or other social media accounts. Reduce friction at sign-up and login, while keeping full control over which providers are allowed. Database Table Prefix Check The default WordPress database prefix wp_ is well-known to attackers and makes SQL injection easier. This Pro tool detects your current prefix and guides you through changing it to a unique, random value to close that vulnerability. Strong Password Enforcement Set a minimum password strength policy for your users. When they update their password, it must meet your requirements — rejecting weak, guessable passwords before they become a security risk. Advanced Firewall & Malware Scanner Scan your WordPress files and database for known malware signatures, suspicious code injections, and modified core files. Get alerts when threats are detected and take action directly from the plugin dashboard. Upgrade to Pro to unlock all Pro features. Who Is Admin Safety Guard For? Bloggers & Content Creators You focus on writing — not on managing server security. Admin Safety Guard protects your login page and admin area quietly in the background with zero ongoing maintenance required. Small Business Owners Your website is your business. A hack can bring it down, damage your reputation, and cost you money. Admin Safety Guard gives you enterprise-level login protection without the enterprise price tag. WooCommerce Store Owners An online store holds customer data, payment details, and order history. Limit login attempts, add 2FA, and lock down your admin area so only you and your trusted team can get in. Freelancers & Web Designers Deliver more secure sites to clients out of the box. Customise the login page with the client’s branding, lock down the admin bar by role, and hand over a professional, secure WordPress installation every time. Agencies & Development Teams Manage security across multiple client sites with a consistent, repeatable setup. All features are toggle-based and clearly documented, making it easy to onboard new team members and maintain a security standard across your portfolio. Developers & Site Administrators Fine-tune every setting — login attempt limits, lockout durations, OTP email templates, reCAPTCHA version, redirect URLs, IP block lists, and more. Admin Safety Guard is built on WordPress hooks and filters, so it plays well with the rest of your stack. What Makes Admin Safety Guard Different? Lightweight by design. Assets are loaded only on the pages that need them. The plugin has no impact on your site’s front-end load time. No configuration required to get started. Limit Login Attempts is enabled automatically on install. Your site is more secure the moment you activate the plugin. All features are clearly labelled Free or Pro. You can see exactly what is available and what requires the Pro version before making any decisions. Clean, modern dashboard. The settings UI is built with React for a fast, app-like experience. Finding and configuring features takes seconds, not minutes. Built to WordPress standards. Every input is sanitised, every output is escaped, all AJAX requests use nonce verification, and every database query uses prepared statements. Support For any issues, questions, or feature requests, please reach out via Support. External Services This plugin uses the following third-party and external services: 1) Google reCAPTCHA (Google LLC) Purpose: Used to protect forms from spam and automated abuse. When it is used: – When reCAPTCHA is enabled in plugin settings – On login forms and support forms protected by reCAPTCHA What data is sent: – User IP address – reCAPTCHA response token generated by Google – Browser information as required by Google reCAPTCHA Service provider: Google LLC Terms of Service: https://policies.google.com/terms Privacy Policy: https://policies.google.com/privacy 2) ThemePaste API (Plugin Author Service) Purpose: Used for: – Collecting optional admin email addresses for plugin updates and notifications – Sending support requests from the plugin support form – Collecting optional feedback when a user attempts to deactivate the plugin – Managing plugin-related notifications (only if the user provides contact details) When it is used: – When a user submits the built-in support form – When a user opts to send diagnostic information – Submitting the optional deactivation feedback form What data is sent: – Name – Email address – Phone number (if provided) – Message content – Site URL – Plugin name – Feedback text (if provided) – Support message content – Deactivation reason (if provided) No data is sent without user action. Service provider: ThemePaste.com Terms of Service: https://themepaste.com/terms-condition Privacy Policy: https://themepaste.com/privacy-policy Development / Source Code This plugin includes compiled JavaScript bundles in: – assets/admin/build/*.bundle.js The original (human-readable) source files are included in this plugin under: – spa/admin/ Build Tools – Node.js (LTS recommended) – npm – Webpack + Babel Source Entry Points The admin SPA bundles are built from the following entry points: spa/admin/login-template/Main.jsx -> assets/admin/build/loginTemplate.bundle.js spa/admin/login-logs-activity/Main.jsx -> assets/admin/build/loginLogActivity.bundle.js spa/admin/analytics/Main.jsx -> assets/admin/build/analytics.bundle.js spa/admin/security-core/Main.jsx -> assets/admin/build/securityCore.bundle.js spa/admin/firewall-malware/Main.jsx -> assets/admin/build/firewallMalware.bundle.js spa/admin/privacy-hardening/Main.jsx -> assets/admin/build/privacyHardening.bundle.js spa/admin/monitoring-analytics/Main.jsx -> assets/admin/build/monitoringAnalytics.bundle.js Install Dependencies From the plugin root directory (or the directory where package.json exists): 1) Install dependencies: npm install Build (Production) To generate the production bundles: npm run build Output Location Webpack outputs the compiled bundles to: assets/admin/build/[name].bundle.js Important Notes – Do not edit files in assets/admin/build/ directly. They are generated files. – Edit the source files under spa/admin/ and re-run the build command. – For WordPress.org distribution, production builds should be used (mode=production). Links Website Documentation Pro Version Facebook Pinterest LinkedIn Instagram
Top keywords
- admin38×1.98%
- login33×1.72%
- build15×0.78%
- wordpress15×0.78%
- site14×0.73%
- google12×0.62%
- admin build11×0.57%
- assets11×0.57%
- page11×0.57%
- password11×0.57%
- security11×0.57%
- user11×0.57%
Melapress Login Security
COMPREHENSIVE WORDPRESS LOGIN SECURITY PLUGIN Melapress Login Security enables you to effortlessly set login security policies that put you firmly in the driver’s seat of your WordPress sites. Policies are highly customizable and granular and can be implemented by user role or site-wide for complete control over the security of your WordPress login processes. Use the free edition of Melapress Login Security to implement WordPress password requirements such as minimum length and complexity rules. The plugin also allows you to set password expiration policies, prevent password reuse, limit failed login attempts, and automatically disable inactive user accounts, among other things. This helps you: Prevent unauthorized login attempts Protect against brute force attacks Comply with GDPR with a login consent notice 🔐 Features list A secure WordPress login starts right here. Explore all of the features included with the free edition of Melapress Login Security: Set password policies Strong passwords are your first line of defense against bad actors looking to gain access to your site. Set password requirement policies to make sure users set strong passwords. Set policies by user role or site-wide and define policy priority for users with multiple roles. Set minimum password length Require uppercase and lowercase characters, numbers, and special characters Set an automatic password expiration policy and advise users when their password is about to expire Disallow users from reusing passwords Provide users with helpful instructions during the password configuration stage Disable password reset links Mandate WordPress password reset on the first login Limit login attempts Limit failed login attempts and put an end to brute force attacks. Protect your login form by automatically disabling user accounts after a number of failed login attempts. Choose between manual unlocking by an admin or automatic unlocking after a cooldown period. Temporary login without password Provide temporary and secure login access to third parties, like developers, editors, employees or others, without a password. It works by providing the user with a temporary login link that expires after a certain amount of time, or after a number of uses. This prevents you from having to create new user accounts manually, while simultaneously reducing the security risks associated with old, unused user accounts. Change WordPress login URL Easily deploy security-by-obscurity tactics and change your WordPress login page URL using a plugin! Hiding the default login page from hackers makes it more difficult to find, potentially reducing brute force attacks and other unauthorized access attempts. After you change the default wp-admin URL, you can set a 404 for the old login page or redirect it to any page of your choosing. Limit login page access by IP address(es) Limit access to the WordPress login page by IP address(es) for additional security. GDPR login page consent notice Easily meet GDPR requirements by adding a GDPR consent notice to the login page. This is required for GDPR and PCI DSS compliance, thus ensuring your WordPress site login page is in compliance. Emergency password reset Discovered suspicious behavior? Reset all users’ passwords with just one click and regain instant control. Upgrade to Melapress Login Security Premium and get even more benefits. The premium edition of Melapress Login Security comes bundled with even more features, which enable you to take your WordPress website login security to the next level. Disable inactive WordPress user accounts and force passwords to be reset once accounts have been unlocked. Inactive accounts can be managed within a single dashboard for increased efficiency and faster response times. Moreover, you can set accounts to be locked out after a number of failed login attempts and customize the duration and method of unlocking them. Premium features list Everything included in the free edition Manually lock user accounts to immediately prevent login access for rarely used accounts or users on extended leave Add an extra security layer with security questions users must answer when performing sensitive actions such as password resets and account unlocks Receive email alerts for unrecognized device logins, with the option to remotely terminate the session Control user session duration by extending or shortening session timeouts to balance security and convenience One-click integration with third-party plugins such as WooCommerce, LearnDash, MemberPress, and many others Automatically disable inactive WordPress users after a configurable period of inactivity Apply Geo-blocking rules to allow or block login access based on specific countries Restrict users’ login to specific IP addresses, including support for multiple allowed IPs Restrict WordPress user login times by day and/or hours Limit login credentials to email address, username, or both Add a GDPR consent notice to the WordPress login page View detailed user security reports, including last activity, password age, and expired passwords Receive weekly email summary reports covering password resets, password changes, user account lockouts, and more |💎 UPGRADE TO PREMIUM | Why you should use Melapress Login Security Melapress Login Security is a WordPress plugin built from the ground up to help you improve the security of your user accounts and secure your WordPress login. Supercharge login credentials for maximum effectiveness and put a stop to unlimited login attempts, weak passwords, and inactive users. Set up policies to reduce your attack surface area such as login times restrictions, change the WordPress login URL, and much more. Free and premium support Support for the free edition of Melapress Login Security is free on the WordPress support forums. Premium world-class support via one-to-one email is available to the Premium users – upgrade to premium to benefit from priority support. For any other queries, feedback, or if you simply want to get in touch with us, please use our contact form. MAINTAINED & SUPPORTED BY MELAPRESS Melapress builds high-quality WordPress security & admin plugins such as WP 2FA, Melapress Role Editor,and WP Activity Log, the #1 user-rated activity log plugin for WordPress. Visit our website to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users. Install the plugin from within WordPress Keeping a secure WordPress login page is easy with Melapress Login Security. Simply: From your WordPress dashboard, navigate to Plugins > Add New Search for “Melapress Login Security” Install & activate Melapress Login Security from your Plugins page Install the plugin manually (via file upload) Download the plugin from the WordPress plugins repository Unzip the zip file and upload the folder to the /wp-content/plugins/ directory Activate the Melapress Login Security plugin through the Plugins page in WordPress