Skip to content
WordPress.org
  • Showcase
  • Plugins
  • Themes
  • Hosting
  • News
    • Learn WordPress
    • Documentation
    • Education
    • Forums
    • Developers
    • Blocks
    • Patterns
    • Photos
    • Openverse ↗︎
    • WordPress.tv ↗︎
    • About WordPress
    • Make WordPress
    • Events
    • Five for the Future
    • Enterprise
    • Gutenberg ↗︎
    • Job Board ↗︎
    • Swag Store ↗︎
  • Get WordPress
Get WordPress
WordPress.org

Plugin Directory

Branexa

  • Submit a plugin
  • My favorites
  • Log in
  • Submit a plugin
  • My favorites
  • Log in

Branexa

By Jexla
Download
  • Details
  • Reviews
  • Installation
  • Development
Support

Description

Branexa combines full admin branding, login page customisation, social login (Google and Facebook), brute-force login protection, agency role targeting, and optional maintenance / panic tools in a single install.

Built for WordPress agencies and developers who hand off client sites and need a polished, branded admin experience without installing five separate plugins.

Features

Branding
* Replace the WordPress logo in the admin sidebar and admin bar
* Custom favicon
* Custom or hidden admin footer
* Inject custom CSS across all admin pages
* Adds branexa-elementor-active body class when Elementor is active (for custom CSS)
* Reset all settings to defaults from the Branding tab

Login Page
* Custom logo on the login form
* Background colour and image
* Submit button colour and optional custom button label
* “Remember me” checked by default (optional)
* Logo links to your site instead of wordpress.org

Dashboard
* Custom welcome panel title and message
* Optional welcome panel visible only to selected roles
* Hide the welcome panel entirely
* Hide individual dashboard widgets (Activity, At a Glance, Quick Draft, etc.)
* RSS feed widget showing your latest updates
* Second HTML dashboard panel for client notes
* Hide common post / page meta boxes in the editor

Menus & Plugins
* Hide admin menu items and plugins for non-admins, selected roles only, or everyone (configurable)
* Hide specific plugins from the plugin list

Security — Limit Login Attempts
* Configurable maximum failed attempts per IP
* Configurable lockout duration
* Uses WordPress transients — no extra database tables

Social Login
* “Continue with Google” button on the login page
* “Continue with Facebook” button on the login page
* Auto-creates subscriber accounts for new users
* Full OAuth 2.0 flow with CSRF state tokens

Agency tools
* Panic URL on wp-login.php clears IP lockout and temporarily bypasses rate limits
* Optional public maintenance / “coming soon” page with countdown and bypass password

Who is this for?

  • WordPress agencies delivering white-label sites to clients
  • Freelance developers who want a reusable all-in-one branding tool
  • SaaS and membership site owners who want a branded admin experience

External services

This plugin can connect to third-party services only when the site administrator enables Social Login and saves API credentials.

Google (OAuth 2.0)

Used for optional “Continue with Google” login on wp-login.php and compatible front-end login forms.

When a visitor uses Google login, the plugin sends an authorization code to Google’s OAuth token endpoint (oauth2.googleapis.com) using the site owner’s Client ID and Client Secret, then requests basic profile data (email and name) from Google’s OpenID userinfo endpoint (openidconnect.googleapis.com).

Data is sent only when the visitor clicks the Google login button.

Service provider: Google LLC
Terms of Service: https://policies.google.com/terms
Privacy Policy: https://policies.google.com/privacy

Facebook (OAuth)

Used for optional “Continue with Facebook” login on wp-login.php and compatible front-end login forms.

When a visitor uses Facebook login, the plugin exchanges an authorization code with Facebook’s Graph API OAuth endpoints and requests basic profile data (email and name) from graph.facebook.com.

Data is sent only when the visitor clicks the Facebook login button.

Service provider: Meta Platforms, Inc.
Terms of Service: https://www.facebook.com/terms.php
Privacy Policy: https://www.facebook.com/privacy/policy

Installation

  1. Upload the branexa folder to /wp-content/plugins/.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Go to Branexa in the admin menu and configure each tab.

FAQ

Will my settings be lost if I deactivate the plugin?

No. Settings are preserved on deactivation and only removed if you uninstall (delete) the plugin.

Do I need developer accounts for Google/Facebook login?

Yes. You will need a Google Cloud project with an OAuth 2.0 Client ID, and a Facebook App with the Facebook Login product enabled. Both are free to create.

Does the login limit apply to admins?

Yes — it applies to all IP addresses equally to prevent brute-force attacks regardless of the targeted username.

Does login limiting work behind a proxy or CDN?

If your server is behind a load balancer, X-Forwarded-For headers may be spoofed. Restrict trust to your proxy IP at the server level, or disable the header if you are not behind a proxy.

Does this plugin track visitors?

No. Branexa does not include analytics or visitor tracking. Login attempt limiting stores failed-attempt counts per IP in your site’s database (WordPress transients) and does not send that data to external services. Social login only runs when enabled by the site administrator and initiated by the visitor.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Branexa” is open source software. The following people have contributed to this plugin.

Contributors
  • Jexla

Translate “Branexa” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.1.3

  • Tested up to WordPress 7.0.
  • Documented Google and Facebook external services in readme (data sent, terms, privacy).
  • Removed WordPress.org directory asset files from plugin package.
  • Replaced inline admin/login CSS and JS with wp_enqueue_style/script APIs.
  • Maintenance countdown uses external CSS/JS files instead of inline tags.

1.1.2

  • Fix: Correct legacy options migration key for older installs.
  • Fix: Uninstall cleanup now removes panic-bypass and OAuth state transients.
  • Fix: Front-end login style controls now isolate form/input/button options more reliably.
  • Update: Security docs clarify proxy/CDN X-Forwarded-For considerations.
  • Update: Admin JS header text now uses Branexa naming.

1.1.1

  • Removed X (Twitter) social login; Google and Facebook only. Legacy Twitter option keys are dropped when settings are saved.

1.1.0

  • Role targeting for hidden menus, plugins, dashboard widgets, RSS, extra panel, and editor meta boxes.
  • Welcome panel can be limited to selected roles; second HTML dashboard widget.
  • Login: custom submit label, optional Remember-me default, preview link.
  • Reset all settings to defaults; panic key URL; maintenance countdown + password bypass.
  • Elementor admin body class for custom CSS.
  • Fixes and documentation updates.

1.0.0

  • Initial release.

Meta

  • Version 1.1.3
  • Last updated 14 hours ago
  • Active installations Fewer than 10
  • WordPress version 6.0 or higher
  • Tested up to 7.0.1
  • PHP version 7.4 or higher
  • Tags
    admin brandinglimit login attemptslogin customizersocial loginWhite Label
  • Advanced View

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

  • Jexla

Support

Got something to say? Need help?

View support forum

  • About
  • News
  • Hosting
  • Privacy
  • Showcase
  • Themes
  • Plugins
  • Patterns
  • Learn
  • Documentation
  • Developers
  • WordPress.tv ↗
  • Get Involved
  • Events
  • Donate ↗
  • Five for the Future
  • WordPress.com ↗
  • Matt ↗
  • bbPress ↗
  • BuddyPress ↗
WordPress.org
WordPress.org
  • Visit our X (formerly Twitter) account
  • Visit our Bluesky account
  • Visit our Mastodon account
  • Visit our Threads account
  • Visit our Facebook page
  • Visit our Instagram account
  • Visit our LinkedIn account
  • Visit our TikTok account
  • Visit our YouTube channel
  • Visit our Tumblr account
Code is Poetry
The WordPress® trademark is the intellectual property of the WordPress Foundation.