Login Armor Wordpress Plugin - Rating, Reviews, Demo & Download

No ratings yet

Free

Plugin Description

LoginArmor protects your WordPress site with five security modules in a single, lightweight plugin. No external dependencies, no bloat, no upsells.

Hide Login

Replace the default wp-login.php URL with a custom slug. Anyone trying to access the old URL gets a 404 or a configurable redirect.

• Custom login slug (e.g., yoursite.com/my-secret-login)
• Configurable redirect for blocked access attempts
• Recovery email with the secret URL
• Compatible with password-protected posts
• Works with multisite (subdomain and subfolder)

Brute Force Protection

Automatically lock out IP addresses after repeated failed login attempts. Escalates to extended bans for persistent attackers.

• Configurable retry limit, lockout duration, and ban threshold
• IP safelist (localhost always safelisted)
• Remaining attempts shown on the login form
• Subnet blocking for distributed attacks
• Compatible with reverse proxies and Cloudflare

Hardening

One-click security toggles that harden common attack surfaces. Apply all 7 recommended defaults with a single button.

• Disable XML-RPC
• Disable file editor
• Hide WordPress version
• Mask login errors
• Block PHP execution in uploads
• Prevent author enumeration
• Restrict REST API access
• Protect system files
• Disable directory listing
• Disable application passwords

Detection & Incidents

Automatic pattern detection engine that identifies and classifies attacks in real time.

• Five attack patterns: brute force, credential stuffing, enumeration, distributed, post-compromise
• Incident severity levels: low, medium, high, critical
• Incident dashboard with drill-down investigation
• Resolve or ignore incidents from the dashboard

Activity Log

Track admin actions across six domains to detect compromised admin accounts.

• Users: creation, deletion, role changes, email/password changes
• Posts & Pages: create, edit, trash, restore, delete, status changes
• Media: uploads, edits, deletions
• Plugins: install, activate, deactivate, update, delete
• Themes: install, activate, update, delete
• Critical options: site URL, admin email, registration, roles, permalinks

Notifications

Get alerted when attacks reach a threshold via your preferred channel.

• Email notifications
• Slack webhooks
• Discord webhooks
• Custom generic webhooks
• Configurable severity threshold and rate limiting

WP-CLI

Full command-line interface for administrators.

• wp login-armor status — overall plugin status
• wp login-armor activity list — recent admin actions
• wp login-armor incidents list — security incidents
• wp login-armor unblock <ip> — unblock a locked IP
• wp login-armor whitelist add|remove|list — manage IP safelist
• wp login-armor reset-slug — change the hidden login URL
• wp login-armor purge-logs — clean old data

Why LoginArmor?

• Zero dependencies — no Composer, no external libraries, no CDN resources
• Lightweight — focused security plugin, no feature bloat
• Modern code — PHP 8.1+ with strict typing, OOP architecture
• Privacy-first — no external requests unless you configure notifications
• Custom admin UI — clean, professional dashboard with no WordPress admin clutter
• Multisite ready — full network activation support
• WP-CLI support — manage everything from the command line

External Services

Webhook Notifications (optional)

When explicitly enabled and configured by the administrator in LoginArmor > Settings > Notifications, the plugin sends incident data to third-party services via webhooks.

Data sent: incident type, severity level, IP address, target username, event count, and site URL.

No data is sent unless the administrator actively enables and configures a notification channel.

• Slack — Terms of Service | Privacy Policy
• Discord — Terms of Service | Privacy Policy
• Custom Webhook URL — User-configured endpoint (administrator’s responsibility)

Gravatar (Automattic)

The Activity Log tab uses WordPress core’s get_avatar() function to display user avatars. WordPress may send a hashed email address to Gravatar servers to retrieve avatar images. This is controlled by Settings > Discussion > Avatars.

• Gravatar — Automattic Terms of Service | Privacy Policy

Screenshots

1. 

   Overview dashboard — health cards, security pulse, live events

2. 

   Incidents — attack pattern detection with drill-down investigation

3. 

   Events — login attempts log with filters and CSV export

4. 

   Activity Log — admin action tracking across six domains

5. 

   Settings — modular configuration with live security score

6. 

   Hardening — toggle groups across surface reduction, credential hardening, request filtering

7. 

   Dashboard widget — at-a-glance protection status from any admin page

Similar Plugins:

Auth Armor – Passwordless Login Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Reviews And Rating – Google Reviews