Description
Login Guard is a powerful, privacy-first login security plugin that runs entirely on your own server — no cloud service, no external API calls, no telemetry.
Core Features
Brute-Force Protection
Automatically detects repeated failed login attempts from the same IP address. When a configurable threshold is reached, the IP is locked out and can be automatically added to the block list.
Live Login Activity Log
Every login attempt — successful, failed, or blocked — is recorded with IP address, username, user agent, and timestamp. Full filter, paginate, and export to CSV.
IP Block List
Manually block specific IP addresses, with permanent or time-limited expiry. Auto-blocked IPs are automatically pruned when their lockout period ends.
IP Allow List
Protect your own IP or your developer’s IP from ever being blocked — even during testing.
Instant Email Alerts
Get notified when a suspicious number of failed attempts is detected from a single IP, or when a successful login occurs from a new location for any user.
Dashboard Overview
At-a-glance stats with a 7-day bar chart (no external chart libraries), auto-refreshed every 30 seconds.
WP Admin Dashboard Widget
Quick stats and last 5 login attempts visible from the main WordPress dashboard.
Privacy
Login Guard stores IP addresses and usernames in your own database. No data leaves your server.
Free, Forever
No upsells, no premium tier, no usage limits. Login Guard is completely free.
❤️ Dedicated in loving memory of Maa — 18 May.
Screenshots
Installation
- Upload the
naveencodes-login-guardfolder to/wp-content/plugins/ - Activate through Plugins Installed Plugins
- Visit Login Guard Settings to configure thresholds
- Done — your site is now protected
FAQ
-
Will this lock me out of my own site?
-
Add your own IP to the Allow List from IP Manager Allowed to guarantee you are never blocked.
-
Does it work with Cloudflare or load balancers?
-
Yes. Login Guard checks
HTTP_CF_CONNECTING_IP,HTTP_X_REAL_IP, andHTTP_X_FORWARDED_FORbefore falling back toREMOTE_ADDR, so Cloudflare and most reverse-proxy setups work correctly. -
How do I unblock an IP?
-
Go to Login Guard IP Manager Blocked and click Unblock next to the IP address.
-
Does this slow down my login page?
-
No. The lockout check is a single indexed database query — typically under 1 ms.
-
Can I export the log?
-
Yes. Click Export CSV on the Activity Log page to download the full log with applied filters.
-
Does it send data to any external service?
-
No. Every feature runs entirely on your server with zero external requests.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“NaveenCodes Login Guard” is open source software. The following people have contributed to this plugin.
Contributors
Translate “NaveenCodes Login Guard” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial release
- Brute-force lockout (configurable max attempts + window + lockout duration)
- Login activity log with filters, pagination, and CSV export
- IP block list: manual + auto-block with optional expiry
- IP allow list: IPs that are never blocked
- Email alert on suspicious activity (configurable threshold)
- Email alert on successful login from a new IP address
- 7-day bar chart dashboard (no external libraries)
- WP Admin dashboard widget
- Block IP inline from activity log
- Daily cron: prune old log entries + expired blocks
- Full WP.org Plugin Check compliance