MSC Stealth Login provides comprehensive protection for your WordPress login page, blocking attackers while keeping your site accessible to legitimate users.
Stealth Login URL
Change your login page from /wp-login.php to a custom URL like /secure-login/. Attackers scanning for standard WordPress login pages will be blocked before they can even attempt a brute force attack.
wp-admin Protection
Block direct access to /wp-admin/ for users who aren’t logged in. They’ll be redirected to your custom login page instead, preventing exposure of your admin area.
Brute Force Protection
After failed login attempts, MSC Stealth Login progressively increases lockout durations. First-time offenders wait 15 minutes, repeat offenders face increasingly longer delays. This stops automated attacks while minimizing disruption to real users who mistype their password.
Email Notifications
Stay informed about security events with configurable email alerts:
Login History & Export
Track all login attempts with detailed logging. Filter by IP address, username, result type, or date range. Export reports to CSV for security audits.
XML-RPC & REST API Protection
Disable vulnerable XML-RPC endpoints commonly exploited for brute force attacks. Block REST API user enumeration that lets attackers harvest usernames.
IP Whitelist
Bypass protection for trusted IP addresses. Add your office, home, or server IPs to ensure uninterrupted access while maintaining maximum security for everyone else.
Progressive Lockout System
Unlike simple lockouts that reset immediately, MSC Stealth Login uses a multiplier system. Each successive lockout doubles the wait time (15 min → 30 min → 60 min → 120 min). The multiplier resets after 24 hours without an attempt, balancing security with usability.
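The doubling schedule and 24-hour reset described above, sketched as an added example in Python; this is not the plugin's own code. The class and function names, the per-IP keying and the five-failure threshold are assumptions, since the page does not state them.

```python
from dataclasses import dataclass

BASE_LOCKOUT = 15 * 60       # from the page: first lockout lasts 15 minutes
RESET_AFTER = 24 * 60 * 60   # from the page: multiplier resets after 24 h without an attempt
MAX_FAILURES = 5             # assumption: the page does not state the failure threshold


@dataclass
class IpState:
    failures: int = 0        # failed logins since the last lockout
    lockouts: int = 0        # lockouts so far; next wait = BASE_LOCKOUT * 2**lockouts
    locked_until: int = 0
    last_attempt: int = -1   # -1 means no attempt seen yet


class ProgressiveLockout:
    def __init__(self):
        self.state = {}      # per-IP state, keyed by address string

    def record_failure(self, ip, now):
        """Register a failed login at time `now` (seconds).
        Returns the seconds this IP must still wait, or 0 if it is not locked."""
        s = self.state.setdefault(ip, IpState())
        if s.last_attempt >= 0 and now - s.last_attempt >= RESET_AFTER:
            s.failures = s.lockouts = 0          # quiet for 24 h: forgive history
        s.last_attempt = now
        if now < s.locked_until:
            return s.locked_until - now          # refused, lockout still running
        s.failures += 1
        if s.failures < MAX_FAILURES:
            return 0
        wait = BASE_LOCKOUT * 2 ** s.lockouts    # 15, 30, 60, 120 ... minutes
        s.lockouts += 1
        s.failures = 0
        s.locked_until = now + wait
        return wait


def attacker_schedule(rounds, ip="203.0.113.7"):   # constructed documentation-range IP
    """Lockout lengths in minutes for a client that retries the moment each lockout ends."""
    guard, now, minutes = ProgressiveLockout(), 0, []
    for _ in range(rounds):
        for _ in range(MAX_FAILURES):
            wait = guard.record_failure(ip, now)
            now += 1
        minutes.append(wait // 60)
        now = guard.state[ip].locked_until
    return minutes


if __name__ == "__main__":
    print(attacker_schedule(4))
```

Attempts made while a lockout is running still count as attempts, so a client that keeps retrying never earns the 24-hour reset.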
Recovery URL
Forgot your custom login URL? No problem. The recovery system lets you regain access through a secure bypass URL that’s displayed in your WordPress admin bar when logged in.
MSC Stealth Login collects the following data to provide its security features:
Data collection only occurs when the plugin is active. All collected data is stored in your WordPress database and is not sent to any external services. Administrators can clear login history at any time from the History tab.
This plugin does not use cookies or third-party tracking.