Authentication Methods
Control how users authenticate to access the WordPress admin area
Two-Factor Authentication (2FA)
Require TOTP or SMS verification for all admin logins
Single Sign-On (SSO)
Allow login via Google, Microsoft, or OAuth2 providers
Admins must save recovery codes if email recovery is disabled.
Access Control & Brute Force Protection
Prevent unauthorized access and mitigate credential stuffing attacks
IPs exceeding this limit will be temporarily blocked for 15 minutes.
Custom Login URL
Replace /wp-login.php with a randomized endpoint
IP Whitelisting
Only allow logins from specified IP addresses or ranges
Password & Session Policies
Enforce strong credentials and manage active sessions
Require Mixed Case & Symbols
Enforce uppercase, lowercase, numbers, and special characters
Secure Cookie Policy
Force the Secure (HTTPS-only) and HttpOnly flags on cookies
Audit Logging & Alerts
Track login activity and receive real-time security notifications
Login Activity Logging
Record successful and failed login attempts with IP & user-agent
Real-time Email Alerts
Notify admins immediately on suspicious login activity