Hardens the WordPress login flow with rate limiting, IP lockouts, and an audit log you can read from the admin screen.
- Caps the number of login attempts per IP before a lockout kicks in. You set the ceiling.
- Gives you an admin screen to see which IPs are locked and release them by hand.
- Keeps a timestamped log of failed and successful logins.
- Clears expired lockout records on a WP-Cron schedule, so the table doesn't grow forever.
It runs entirely on your own site. There's no external service to sign up for, no cloud account, and no telemetry phoning home. Nothing about your login traffic leaves the server.
- WordPress 6.4+
- PHP 8.1+
- Upload the plugin to
/wp-content/plugins/thisismyurl-login-support/. - Activate it through the WordPress Plugins screen.
- Go to Settings > Login Support to set your thresholds.
Versions follow X.Yjjj.hhmm — year, Julian day, 24-hour time of the build.
Login Support is built and maintained by Christopher Ross. I build focused WordPress tools for problems that keep showing up across real sites. No tracking, no ads, no upsells.
WordPress.org: profiles.wordpress.org/thisismyurl · GitHub: github.com/thisismyurl · LinkedIn: linkedin.com/in/thisismyurl
GPL-2.0-or-later. See LICENSE.