Login Armor

LoginArmor protects your WordPress site with five security modules in a single, lightweight plugin. No external dependencies, no bloat, no upsells.

Hide Login

Replace the default wp-login.php URL with a custom slug. Anyone trying to access the old URL gets a 404 or a configurable redirect.

  • Custom login slug (e.g., yoursite.com/my-secret-login)
  • Configurable redirect for blocked access attempts
  • Recovery email with the secret URL
  • Compatible with password-protected posts
  • Works with multisite (subdomain and subfolder)

Brute Force Protection

Automatically lock out IP addresses after repeated failed login attempts. Escalates to extended bans for persistent attackers.

  • Configurable retry limit, lockout duration, and ban threshold
  • IP safelist (localhost always safelisted)
  • Remaining attempts shown on the login form
  • Subnet blocking for distributed attacks
  • Compatible with reverse proxies and Cloudflare

Hardening

One-click security toggles that harden common attack surfaces. Apply all 7 recommended defaults with a single button.

  • Disable XML-RPC
  • Disable file editor
  • Hide WordPress version
  • Mask login errors
  • Block PHP execution in uploads
  • Prevent author enumeration
  • Restrict REST API access
  • Protect system files
  • Disable directory listing
  • Disable application passwords

Detection & Incidents

Automatic pattern detection engine that identifies and classifies attacks in real time.

  • Five attack patterns: brute force, credential stuffing, enumeration, distributed, post-compromise
  • Incident severity levels: low, medium, high, critical
  • Incident dashboard with drill-down investigation
  • Resolve or ignore incidents from the dashboard

Activity Log

Track admin actions across six domains to detect compromised admin accounts.

  • Users: creation, deletion, role changes, email/password changes
  • Posts & Pages: create, edit, trash, restore, delete, status changes
  • Media: uploads, edits, deletions
  • Plugins: install, activate, deactivate, update, delete
  • Themes: install, activate, update, delete
  • Critical options: site URL, admin email, registration, roles, permalinks

Notifications

Get alerted when attacks reach a threshold via your preferred channel.

  • Email notifications
  • Slack webhooks
  • Discord webhooks
  • Custom generic webhooks
  • Configurable severity threshold and rate limiting

WP-CLI

Full command-line interface for administrators.

  • wp login-armor status — overall plugin status
  • wp login-armor activity list — recent admin actions
  • wp login-armor incidents list — security incidents
  • wp login-armor unblock <ip> — unblock a locked IP
  • wp login-armor whitelist add|remove|list — manage IP safelist
  • wp login-armor reset-slug — change the hidden login URL
  • wp login-armor purge-logs — clean old data

Why LoginArmor?

  • Zero dependencies — no Composer, no external libraries, no CDN resources
  • Lightweight — focused security plugin, no feature bloat
  • Modern code — PHP 8.1+ with strict typing, OOP architecture
  • Privacy-first — no external requests unless you configure notifications
  • Custom admin UI — clean, professional dashboard with no WordPress admin clutter
  • Multisite ready — full network activation support
  • WP-CLI support — manage everything from the command line

External Services

Webhook Notifications (optional)

When explicitly enabled and configured by the administrator in LoginArmor > Settings > Notifications, the plugin sends incident data to third-party services via webhooks.

Data sent: incident type, severity level, IP address, target username, event count, and site URL.

No data is sent unless the administrator actively enables and configures a notification channel.

Gravatar (Automattic)

The Activity Log tab uses WordPress core’s get_avatar() function to display user avatars. WordPress may send a hashed email address to Gravatar servers to retrieve avatar images. This is controlled by Settings > Discussion > Avatars.

Details

  • Plugin code: login-armor
  • Plugin version: 1.0.2
  • Outdated: No
  • WP version: 6.8 or higher
  • PHP version: 8.1 or higher
  • Test up to WP version: 6.9.4
  • Total installations: 0
  • Last updated: 2026-04-27
  • Times rated: 0
  • Tags: activity-log, brute-force, hide-login, limit-login, login-security