🛡️ Free Plugin

Guard — WordPress Login Protection

Block brute-force attacks, bots, and unauthorized access. Lightweight, zero external API calls.

Download Free Get PRO Learn More
wp-admin / Guard
Guard Dashboard v1.0
1,247
Attempts
89
Blocked
93%
Success Rate
Login Status
Block Reasons
Features

Everything You Need for Protection

Guard protects your site from common login attacks. Zero external APIs, minimal server load.

🔒

Login Limits

Auto-lockout after a configurable number of failed login attempts.

📋

Login Log

Complete log with IP, username, status, and timestamp. Searchable and sortable.

🚫

IP Blacklist

Manually block suspicious IP addresses. Permanently or for a set duration.

🙈

Hide Errors

Replaces "Wrong password" and "No such user" with a generic error message.

🔌

XML-RPC Block

Full or partial XML-RPC blocking — the main brute-force attack vector.

🍯

Honeypot Trap

Invisible field on the login form. Bots fill it — and get blocked instantly.

Protect Your Site for Free

Guard is open-source, no subscriptions, no ads.

Download Free Get PRO
PRO

Need More Protection?

Guard PRO adds advanced security features for serious projects.

🌍

GeoIP Blocking

Block entire countries. IP detection via ip-api.com with caching.

📱

Two-Factor Authentication

TOTP (Google Authenticator). QR code + backup codes for each user.

🔔

Notifications

Email and Telegram alerts on IP blocks, admin logins, failure thresholds.

🔗

Custom Login URL

Replace /wp-login.php with your own address. Default URL returns 404.

🤖

reCAPTCHA / hCaptcha

reCAPTCHA v3 or hCaptcha integration on the login form.

🕵️

Attack Detector

Detects credential stuffing and distributed brute-force attacks.

Learn About Guard PRO →

Free vs PRO

FeatureFreePRO
Login attempt limits
Login log
IP blacklist
Hide login errors
XML-RPC blocking
Honeypot trap
Dashboard with charts
IP whitelist
Country blocking
Two-factor authentication
Email notifications
Telegram notifications
Custom login URL
reCAPTCHA / hCaptcha
Attack detector

How It Works

1

Install

Download Guard from the WordPress directory or install the ZIP manually.

2

Configure

Set attempt limits, lockout duration, and additional parameters.

3

Forget About It

Guard works automatically. Visit the dashboard to see your stats.

Privacy

Guard Free does not connect to any external services. All data is stored locally in your WordPress database. IP addresses are logged solely for attack protection and are automatically deleted after a configurable period (30 days by default).

FAQ

FAQ

Does this plugin slow down my site?

No. Guard performs one indexed DB query per login attempt. Zero external API calls.

What if I lock myself out?

Lockouts are temporary (30 minutes by default). To unblock early, delete the record from wp_lwg_blocked_ips via phpMyAdmin.

Does it work with Cloudflare?

Yes. Guard checks CF-Connecting-IP, X-Forwarded-For, and X-Real-IP headers to detect the real visitor IP.

Can I permanently block an IP?

Yes. Go to Guard → Blocked IPs and add the address manually.

Support

Support the project

All plugins have a free version.
If they help you — consider supporting development.

Ko-fi Quick donation with no platform fees. Donate on Ko-fi Boosty Donate with cards and local payment methods. Donate on Boosty