NHR Secure – Hide Admin, Limit Login, 2FA & Vulnerability Checker

Keep your WordPress site safe with minimal effort. NHR Secure helps you:

• Hide or protect your admin area from unauthorized access.
• Limit login attempts to prevent brute-force attacks.
• Hide debug logs to prevent sensitive information disclosure.
• Add 2FA to your WordPress site.
• Scan core files, plugins, and themes for known vulnerabilities.

Features at a glance:

🔒 Limit Login Attempts

Stop brute-force attacks by temporarily blocking IPs after repeated failed login attempts.
– Configurable attempt limit (1-20, default: 5)
– Blocks based on IP + Username combination
– Auto-unblock after 2 hours

🔐 Custom Login Page

Hide wp-login.php and use a custom login URL.
– Default custom URL: /hidden-access-52w
– Blocks direct access to wp-login.php and wp-admin for guests

🛡️ Protect Debug Log File

Blocks direct access to /wp-content/debug.log
– Returns 403 Forbidden for all users

⚙️ Modern Settings Page

Configure everything from a beautiful React-powered interface.
– Located under Tools → NHR Secure
– Dark Mode support for comfortable viewing
– Enable/disable each feature

🔐 Two-Factor Authentication (2FA)

Enable two-factor authentication for users.
– Support for Authenticator Apps and Email OTP
– Enforce 2FA for specific user roles (e.g., Administrators)
– Recovery Codes for emergency access
– QR code setup for Authenticator Apps

🛡️ Vulnerability Checker

Automatically scan your installed plugins, themes, and WordPress core against a known vulnerability database.
– Daily automatic scans
– Alerts for critical security issues
– Check file integrity

⚡ Lightweight & Minimal

Designed to deliver maximum security with minimal code. No bloat, no complexity.
– Compatible with most WordPress themes and plugins.

External Services

This plugin utilizes the WPVulnerability API to check for vulnerabilities.
– Service: WPVulnerability
– Data: Only plugin slugs and versions are sent. No personal data is collected.

1. Upload the nhrrob-secure plugin folder to your /wp-content/plugins/ directory.
2. Activate the plugin through the ‘Plugins’ menu in WordPress.
3. Navigate to Tools → NHR Secure to configure settings.

1. 

   Failed login attempts are blocked.

2. 

   Custom login page.

3. 

   Debug log is hidden.

4. 

   Modern React-powered settings page.

5. 

   Modern React-powered settings page - part 2.

6. 

   2FA setup in user profile.

7. 

   2FA setup in user profile - Email OTP.

8. 

   2FA setup in user profile - Recovery codes.

9. 

   Dark mode support.

1.1.0 – 13/01/2026

• Added: Vulnerability Checker
• Added: File Scanner to check file integrity
• Improved: UI for scan results
• Few minor bug fixing & improvements

1.0.6 – 11/01/2026

• Fixed: Fatal error due to missing vendor files

1.0.5 – 11/01/2026

• Added: Email OTP feature
• Added: Recovery codes for 2FA
• Added: Enforce 2FA for specific roles
• Added: Dark mode support
• Few minor bug fixing & improvements

1.0.4 – 09/01/2026

• Added: Modern React-powered settings page under Tools → NHR Secure
• Added: Enable/disable all features from admin interface
• Added: Configurable login attempts limit (1-20)
• Added: Customizable login page URL from settings
• Added: Two-factor authentication (2FA) feature

1.0.3 – 05/01/2026

• Added: Custom login page.
• Added: Hide debug log.

1.0.2 – 04/12/2025

• Initial release. Cheers!!
• Added plugin assets (icons, banners & screenshot).
• Fixed fatal error related to function name.

1.0.1 – 30/11/2025

• Few minor bug fixing & improvements

1.0.0 – 23/10/2025

• Initial beta release. Cheers!