NaveenCodes Login Guard
NaveenCodes Login Guard
Description
Login Guard is a powerful, privacy-first login security plugin that runs entirely on your own server — no cloud service, no external API calls, no telemetry.
Core Features
Brute-Force Protection
Automatically detects repeated failed login attempts from the same IP address. When a configurable threshold is reached, the IP is locked out and can be automatically added to the block list.
Live Login Activity Log
Every login attempt — successful, failed, or blocked — is recorded with IP address, username, user agent, and timestamp. Full filter, paginate, and export to CSV.
IP Block List
Manually block specific IP addresses, with permanent or time-limited expiry. Auto-blocked IPs are automatically pruned when their lockout period ends.
IP Allow List
Protect your own IP or your developer’s IP from ever being blocked — even during testing.
Instant Email Alerts
Get notified when a suspicious number of failed attempts is detected from a single IP, or when a successful login occurs from a new location for any user.
Dashboard Overview
At-a-glance stats with a 7-day bar chart (no external chart libraries), auto-refreshed every 30 seconds.
WP Admin Dashboard Widget
Quick stats and last 5 login attempts visible from the main WordPress dashboard.
Privacy
Login Guard stores IP addresses and usernames in your own database. No data leaves your server.
Free, Forever
No upsells, no premium tier, no usage limits. Login Guard is completely free.
❤️ Dedicated in loving memory of Maa — 18 May.
Installation
- Upload the
naveencodes-login-guardfolder to/wp-content/plugins/ - Activate through Plugins Installed Plugins
- Visit Login Guard Settings to configure thresholds
- Done — your site is now protected
Screenshots
Faq
Add your own IP to the Allow List from IP Manager Allowed to guarantee you are never blocked.
Yes. Login Guard checks HTTP_CF_CONNECTING_IP, HTTP_X_REAL_IP, and HTTP_X_FORWARDED_FOR before falling back to REMOTE_ADDR, so Cloudflare and most reverse-proxy setups work correctly.
Go to Login Guard IP Manager Blocked and click Unblock next to the IP address.
No. The lockout check is a single indexed database query — typically under 1 ms.
Yes. Click Export CSV on the Activity Log page to download the full log with applied filters.
No. Every feature runs entirely on your server with zero external requests.
Reviews
Changelog
1.0.0
- Initial release
- Brute-force lockout (configurable max attempts + window + lockout duration)
- Login activity log with filters, pagination, and CSV export
- IP block list: manual + auto-block with optional expiry
- IP allow list: IPs that are never blocked
- Email alert on suspicious activity (configurable threshold)
- Email alert on successful login from a new IP address
- 7-day bar chart dashboard (no external libraries)
- WP Admin dashboard widget
- Block IP inline from activity log
- Daily cron: prune old log entries + expired blocks
- Full WP.org Plugin Check compliance



