Comprehensive login protection including attempt limiting and customization.
Comprehensive login protection including attempt limiting, customization, and brute-force prevention.
| Feature | Description |
|---|---|
| Login Attempt Limiting | Lockout after X failed attempts |
| IP-Based Tracking | Uses transients for lockout data |
| XML-RPC Auth Disable | Block authentication via XML-RPC |
| App Passwords Disable | Prevent API key generation |
| Generic Error Messages | Hide whether username exists |
| Custom Login Logo | Replace WordPress logo |
| Custom Login Colors | Background and form styling |
| Lockout Logging | Track blocked IPs and usernames |
| Option | Default | Description |
|---|---|---|
max_attempts | 5 | Attempts before lockout |
lockout_duration | 15 | Lockout duration in minutes |
disable_xmlrpc_auth | true | Block XML-RPC authentication |
hide_login_errors | true | Show generic error messages |