LoginPlus is the login security layer every WordPress site installs first. Brute force lockouts, TOTP 2FA, Google social login, and a full audit log — all set up in 60 seconds with the one-click wizard.
No license key. No account. Works on WordPress 6.0+ with PHP 7.4+.
Preview
Scroll inside the frame to explore the full admin interface.
What’s included
Five security modules covering brute force, 2FA, social login, audit logging, and alerts — set up in one click.
Auto-lockout after N failed attempts per IP. IP allowlist for trusted addresses. Uses WordPress transients — no extra DB table, no cron required.
TOTP (RFC 6238) compatible with Google Authenticator, Authy, and 1Password. Email OTP fallback when no app is available. Pure PHP — zero external API calls.
Let users sign in with Google via OAuth 2.0. Links to existing accounts by email, creates new accounts when none exist. Server-side token exchange only.
Complete audit trail of every login and failed attempt. Stored in a dedicated table with configurable retention and automatic WP-Cron cleanup.
Admins receive instant notifications for security events. Rate-limited to prevent alert fatigue. Uses wp_mail() — no SMTP config needed.
After activation, a full-screen wizard walks through every option. Toggle what you want, click one button, and your site is protected.
Setup
The wizard handles everything. No config files, no SQL, no manual steps.
Upload loginplus-1.0.0.zip via WP Admin → Plugins → Add New. Click Install, then Activate.
LoginPlus redirects you to a full-screen setup wizard. Toggle what you want, then click “Save & Activate”.
Brute force protection, logging, and email alerts are live. The dashboard shows real-time activity.
Architecture
LoginPlus extends WordPress security using native hooks. It never replaces wp-login.php, never patches core, and adds zero complexity to your authentication stack.
authenticate, wp_login, and wp_login_failed filters// Priority 1
LP_Brute_Force::check_lockout()
// Priority 5
LP_2FA::handle_token_step()
// Priority 10
wp_authenticate_username_password (core)
// Priority 20
LP_Logger::log_success()
// Priority 30
LP_2FA::intercept_after_password()
LP_Email_Alerts::check_new_ip()
Open source
Free forever. One-click setup. No account required.