Holographic Login Shield

Holographic Login Shield helps protect the WordPress login area from repeated failed logins, automated abuse and common account-discovery behaviour.

The plugin is designed to stay focused. It adds practical login hardening without replacing the WordPress admin area, adding unnecessary front-end assets or sending free-plugin security logs to an external service.

Free features include configurable failed-login lockouts, an automatic permanent IP block threshold, local allowed and blocked IP address lists, Cloudflare-aware visitor IP detection, a paginated recent activity log, CSV log export, log retention cleanup, generic login errors, XML-RPC control, Application Password control, optional author archive blocking, a hidden bot trap and optional throttled failed-login email alerts.

Allowed IP addresses can be added manually or with the Add My IP button. Blocked IP addresses can be added manually and are also populated automatically when the permanent blocking threshold is reached. Both lists remain local to your WordPress site.