This plugin provides essential login security for website administrators by adding two critical layers of protection against unauthorized access. It is designed for anyone managing a site who needs to defend against automated attacks and strengthen user authentication.

Login Attempt Limiting: Automatically blocks an IP address after a defined number of failed login attempts, stopping brute force and credential stuffing attacks. Two-Factor Authentication (2FA): Adds a mandatory second verification step, such as a time-based code from an authenticator app, after a correct password is entered. Customizable Lockout Rules: Administrators can configure the number of retries allowed, the lockout duration, and which usernames or IP ranges to monitor. Activity Logging: Tracks login attempts, lockouts, and 2FA usage to provide visibility into security events and potential attack patterns. Reduced Server Load: By blocking malicious traffic at the login page, it conserves server resources that would otherwise be wasted on processing attack requests.