FluentAuth – The Ultimate Authorization & Security Plugin for WordPress

by Shahjahan Jewel

Description

Boost Your Website’s Security with Login/Signup Security, Two-Factor Email Authentication, Login/Logout Redirects, Social Logins, Detailed Audit Logs, and More. FluentAuth is the lightest and blazing fast security plugin for WordPress.

Highlighted Features

Two-Factor Authentication for Login
Magic Login via Email
Social Login / Register
Limit Login Attempts
Dynamic Login Redirects
Detailed Audit Logs
Core Security Enhancement
Security Email Notifications
Super Fast Solution
Restrict /wp-admin for low level user roles

What’s new in version 2.0

🚀 Two-Factor Authentication for Login
Ensure secure access to your admin panel with Two-Factor Login via email for high-level user roles like Administrator / Editor. Even if a password gets compromised, only the right person will be able to log in with the additional authentication step.

🚀 Magic Login via Email
Simplify the login process for end users like customers and subscribers. No more password resets or forgotten passwords that cause users to leave your site. With our improved flow and features, users can log in to your site simply by typing their username or email address and clicking on a secure one-time use link sent to their email.

🚀 Social Login / Register
Allow users to log in to your site with their GitHub, Facebook or Google accounts. This feature is lightweight and easy to enable.

🚀 Limit Login Attempts
Protect your site against brute force attacks by blocking excessive login attempts. Our simple yet powerful tools also improve site security and performance, and allow for customizable lockout timings.

🚀 Dynamic Login Redirects
Easily redirect users to specific pages after they log in or log out. Our drag-and-drop builder lets you customize the login and logout flow for different types of businesses.

🚀 Detailed Audit Logs
Track exactly when users log in to your site and via which method (normal login form, magic URL, or social media) with our powerful audit logs.

🚀 Core Security Enhancement
XML-RPC is a common target for WordPress attacks, but most sites don’t actually need it. This plugin enables you to disable XML-RPC, Remote Application Login, and protect the wp-users listing for REST API for enhanced security.

🚀 Security Email Notifications
As a business owner, it’s important to know when high-level users like administrators, editors, and authors log in to your site, or if someone unauthorized is trying to log in. Our plugin includes email notifications to alert you of these events.

🚀 Super Fast Solution
We’ve built this plugin to be super-fast and simple yet powerful, using the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. We also use custom database tables to store audit logs, so they don’t interfere with your default WordPress database tables.

🚀 Restrict /wp-admin for low level user roles
If you want to restrict /wp-admin access for subscribers or other low level user roles then you can easily enable that and select the user roles that you want to restrict /wp-admin access.

🚀 Customize WordPress Signup Emails
Customize the WordPress default signup emails with your own branding and content. This feature allows you to create a more personalized experience for your users, enhancing their engagement with your site.

🚀 Custom Login/Signup Shortcodes
Create custom login and signup forms using shortcodes. This feature allows you to easily integrate login and signup forms into your pages or posts, providing a seamless user experience.

🚀 Disable Admin Email Notifications on User Signup
Disable the default WordPress admin email notifications that are sent when a new user signs up. This feature helps you manage your email notifications more effectively, reducing clutter in your inbox.

🚀 Scan WordPress Core File Changes
FluentAuth includes a feature to scan WordPress core files for changes, helping you identify any unauthorized modifications. This is crucial for maintaining the integrity of your WordPress installation and ensuring that your site remains secure.

Why FluentAuth?

To improve the security and user experience of a WordPress website, the default authentication system may need to be enhanced with additional plugins. One common issue that WordPress site owners face is their site getting hacked. This is often due to hackers using brute-force attacks to guess passwords and gain access to the admin panel, leading to site takeover. Additionally, the use of common passwords on multiple sites can put all of them at risk if one password is compromised.

Using multiple security plugins can be detrimental to the performance of a WordPress website. These plugins, which are often bloated, intercept every WordPress request and run it through a large number of unnecessary rules, resulting in increased server resource usage and slower site performance. To avoid this issue, consider using a comprehensive security solution that offers multiple features in one package, instead of relying on multiple individual plugins. This will help save server resources and improve the overall performance of your website.

To Solve these issues, we decided to build FluentAuth and made it free.

Replace Multiple Plugins with FluentAuth

FluentAuth has been designed to provide light-weight security solution while adding better UX and performance of your site. If you use FluentAuth then you don’t need the following plugins

For Login Limit and ban brute force attacks

Limit Login Attempts Reloaded
WPS Limit Login

For Login & Logout Redirections

LoginWP (Formerly Peter’s Login Redirect)
Sky Login Redirect
WP Login and Logout Redirect

For Login & Logout Redirections

LoginWP (Formerly Peter’s Login Redirect)
Sky Login Redirect
WP Login and Logout Redirect

For Hide Admin Bar and Access Restriction

Hide Admin Bar
Hide Admin Bar Based on User Roles
Auto Hide Admin Bar
Hide Admin Bar from Non-Admins

User Guides

Other Plugins By The Same Team

CONTRIBUTE

If you want to contribute to this project or just report a bug, you are more than welcome. Please check repository from Github.

Installation

This section describes how to install the plugin and get it working.

Just search for FluentAuth in WordPress Plugins and click install and activate.

Upload the plugin files to the /wp-content/plugins/fluent-auth directory, or install the plugin through the WordPress plugins screen directly.
Activate the plugin through the \’Plugins\’ screen in WordPress
Use the FluentAuth -> Settings screen to configure the plugin

Screenshots

Reporting Dashboard
Login Security Settings
Social Logins Frontend
Custom Login/Signup Shortcodes
Dynamic Login Redirects
Detailed Audit Logs
Social Login Settings
System Emails Customization
Login/Signup Page Customizer
WordPress Core Files Integrity Check

Faq

Is it a GDPR-Compliant?

All the data will be saved and managed into WordPress. it’s 100% GDPR-Compliant.

Will it is a performance issue for WordPress?

Absolutely not! From the very first, We were careful about this. It stores all the logs data in custom database tables, so it will not affect your WordPress database. We built the application with VueJS. Also, The Admin UI is super fast as It’s a SPA and communicates over ajax.

Reviews

Superb for my use case

By zchas42 on November 8, 2025

I wanted to implement a login system with the requirement for users to enter an email code on login. This mitigates login sharing among users.

Very effective, did the job perfectly.

Raised one support ticket query which was responded to with a "right first time" solution within 24 hours.

Very happy.

2fa issue

By Fossist (fossist) on September 30, 2025

When I enter the 2fa code for the first time, it refreshes the page and does not log in.

2nd time when I enter the password and 2fa email code, it works.

I am on hostinger. Using litespeed cache and fluentsmtp plugin. Any help would be greatly appreciated.

Great security plugin and replacement for ThemeMyLogin

By Manni02 on September 8, 2025

I had been using Theme-My-Login for many years, including after it became paid-for, but it had many compatibility issues and support wasn't always worth the yearly license fee, so I started looking at other options.

I'm a huge fan of Fluent plugins, and I gave a try to FluentPlugins 2.0, as it provided the improvements I was looking for: customizable login and register forms, login redirects, customization of system emails and a few other features that made it a much stronger alternative than its V1.0 (which I had looked at but wasn't advanced enough for my use).

V2.0 is free, it works great, it allowed me to replace Theme-My-Login and a few other plugins, and it's both light and compatible with all my installed plugins. It also works seamlessly with all the other plugins from the fluent family, which I highly recommend as well, both in their free and paid-for versions.

Support is great, as always. A cosmetic issue I had is about to be resolved in the next release and I was provided a .css early to resolve it without having to wait for this upcoming release.

The main downside for me is that the magic login feature doesn't work for our website. I reported the issue and I hope it will be solved at some point in the future. Fluent support has offered to look at our website, as it's not a general issue, but unfortunately for various reasons we can't allow third party access. This issue would probably have been resolved by support, had this been possible.

One last issue is that the login redirect feature doesn't work in our website, but I use Uncanny Toolkit for this, so it's not a huge problem.

Regarding missing features, I would like Fluent Security to offer simultaneous login protection, similar to what's offered by the excellent Loggedin plugin, as it would be really useful for membership sites. This feature request is noted, so I hope it will be implemented at some point, but in the meantime the two plugins work fine together, along with the additional security offered by Wordfence.

Overall, I'm very happy with the plugin, and highly recommended. I only hope that a few issues will be fixed and features implemented so that I can get rid of a few more plugins. This is the only reason why I didn't give it 5 stars. I'll revise this review when/if some of the features mentioned above are implemented.

Great Plugin

By Michael Maguire (Bagebi) on August 24, 2025

A very useful plugin and also free.

Thank you

By jaswanthjesse on July 18, 2025

The plugin is feature rich and thanks you WP Ninja team for keeping this a free plugin.

Interesting, but still missing core functions

By rrvoigt on July 6, 2025

Still a nice plugin, but 2FA authentication with a QR / token authentication app (Google Authenticator, Microsoft, etc). If for some reason the email doesn't arrive, shouldn't there be a optional second fallback option to scan a QR code manually to use in your QR app. Also adding a skip 30 day 2FA option like Word fence has, would also be a plus! For now sadly still not the go to 2FA option with the missing app function. Hopefully the dev team will listing to this feed back soon.

Thank you so much for such awesome free plugin.

By Julian Song (julians3) on June 23, 2025

Simple yet powerful solution for protecting WordPress sites. I really appreciate the effort and dedication the WPManageNinja team puts into making security accessible and effective for everyone.

Highly recommended for anyone looking for straightforward, reliable WordPress security!

Great

By Gabriel Nistor (springbreak) on June 16, 2025

Works fluent 😉 Easy to config, clean UI, deliver what promised. Wish to stay and continue to develop!(more form customization would be great)

This Plugin is Amazing Specially works well with all the Fluent Family

By knightraven on June 15, 2025

This Plugin is Amazing Specially works well with all the Fluent Family

It could be so much better!

By nucleotide on June 13, 2025

This has so much potential, but I feel like this is the worst Fluent product available.

It took months to close a major flaw (allowing anyone with a Gmail account to log in).

It requires email for the 2FA codes - which breaks the login flow and creates a barrier (why not just use an existing app that generates the codes?)

Still no way to restrict certain email addresses from registering (eg. myemail@domain.com or *@domain.com)

I know it's free... but we are talking about authentication and security here. FluentAuth just doesn't do it well in my opinion. It's not a plugin I feel I can trust - and that's vitally important!

Changelog

2.0.3 – Date: Jun 11, 2025

Typo and Smartcode fixed on Custom Emails
WP_Error Notice fixed

2.0.2 – Date: Jun 11, 2025

Fixed: Login Redirect Issue
Fixed Typo on Admin Menu
Fixed Styling Issues

2.0.0 – Date: Jun 09, 2025

Introduing Login/Signup Page Customizer
Added Login with Facebook
Added Syststem Emails Custimizations
Introducing WordPress Core Files Integrity Check
Configurable: One-Click Login via Email as primary login method
UI & UX Improvements
Disable Signup on social media connection when global signup is disabled

1.1.0 – Date: Dec 16, 2014

Added hooks for 3rd party developers
Improvement on Authentication flow

1.0.8 – Date: Dec 02, 2024

Added Additional Hooks for Regsitration and Signup
Improved UI & UX
Fixed translation issues

1.0.7 – Date: Jul 26, 2024

Added Email verification on User Regstration Flow
PHP 8.x compatability issue fixed
JS errors fixed on Magic Links Shortcodes

1.0.6 – Date: Jan 28, 2024

Fix Compatibility issue with PHP 8.x
Upgrade Internal Libraries
Improved Login with Google
Improved UI & UX

1.0.5 – Date: May 04, 2023

Added Login or Signup with Google Social Auth Connection
Magic Login URL token is now hashed to improve the security

1.0.4 – Date: Feb 04, 2023

Added Daily/Weekly/Monthly Email reporting Feature
Made Login Form as Custom (no login url expose)
Two-Factor Authentication Improvement

1.0.2 – Date: Dec 17, 2022

Fix UI issue on dashboard
Login with GitHub improvement
Do Two-Factor Authentication even for social login for selected user roles
Added more hooks for developers

1.0.2 – Date: Dec 16, 2022

Improved UI & UX
Added feature to block /wp-admin access and hide admin bar for low-level user roles
Fix conflict issue with LearnDash and other wp-users REST-API
Improved IP Address for login verification.

1.0.0 – Date: Dec 12, 2022

Initial Release