‹ MAA Labs plugins
🔐
Security
● Live on WordPress.org

Login Guard

Brute-force protection done right — lock out attackers, manage IPs, log every login attempt and get instant email alerts. No external service, no phone-home, no limits.


What it does

Built for one job, done well.

🔒
Brute-force lockout
Configurable attempt limit, time window and lockout duration. Auto-blocks IPs that exceed the threshold.
📋
Login activity log
Every attempt — successful or failed — logged with IP, username, timestamp and result. Filterable, paginated, CSV export.
🚫
IP block & allow lists
Manual block or auto-block with optional expiry. Own IP is always whitelisted — you can never lock yourself out.
📧
Email alerts
Instant notification on threshold breach and new-IP login. Stay informed without watching the dashboard.
📊
7-day bar chart
Visual attempt trend built in pure CSS — no external chart libraries loaded.
Live dashboard widget
Today's attempts, active blocks and recent activity auto-refresh every 30 seconds via AJAX.

Free on WordPress.org.

Login Guard v1.0.0 is live — install directly from your WP dashboard or from WordPress.org. Free forever, no premium tier, no limits.


FAQ

Common questions.

Can I accidentally lock myself out?
No. Login Guard always whitelists your own IP automatically. Even if your IP triggers the lockout threshold, you will never be blocked from your own admin panel.
What happens when an IP is locked out?
The IP is blocked for the configured lockout duration. Any further login attempts during that window are silently rejected. You receive an email alert and can see the block in the activity log.
Does it work with WooCommerce and custom login pages?
Yes. Login Guard hooks into WordPress's core authentication system (wp_authenticate), which covers all login entry points — default login page, WooCommerce My Account, and any custom login form that uses wp_signon().
Does it use an external service or phone home?
No. Everything runs on your own server. No IP reputation APIs, no cloud dashboards, no external requests. Your login data never leaves your hosting environment.
Will it slow down the login page?
No measurable impact. The IP check is a single indexed database read — typically under 1ms. The activity log write happens only on login attempts, not on every page load.
Is it really free with no premium version?
Yes — free forever, every feature included, no upsells, no premium tier. Built by NaveenCodes by Maa Labs™ as part of a commitment to free WordPress tooling.

Quick stats

The numbers at a glance.

v1.0.0
Current version
7
Features included
WP 6.0+
Requires WordPress
PHP 7.4+
Requires PHP
Free
Forever, no upsells
Part of MAA Labs — in memory of Maa ❤️
Every plugin carries her blessings · 18 May