Lightweight login security with IP blocking, automatic URL change, user-agent tracking, and email alerts.
BlockForce WP is a lightweight yet powerful security plugin designed to protect your WordPress login page from brute-force attacks. It combines persistent IP blocking, automatic login URL changing, user-agent tracking, and detailed activity logging into a simple, easy-to-use package.
| Feature | Description |
|---|---|
| 🛡️ Brute Force Protection | Automatically blocks IPs after failed login attempts |
| 🔑 Forgot Password Protection | Detects and blocks brute-force attacks on the lost password form |
| 🔒 Persistent Blocking | Blocks stored in custom database tables, survives cookie clears |
| 🔄 Auto URL Change | Automatically changes login URL when attacks persist |
| 🧭 User-Agent Tracking | Records readable and raw user-agent details for login attempts and blocked IPs |
| 📋 Activity Log | Detailed log of login attempts, IPs, user agents, and security events |
| 🗓️ Log Retention | Configurable auto-cleanup for logs (1-365 days) |
| 📧 Email Alerts | Get notified with IP and user-agent details when your login URL changes |
| 👻 Stealth Mode | Default wp-login.php redirects to 404 when custom URL active |
| 🔗 Public Slug Protection | Avoids exposing the secret login slug through public WordPress login links |
| 📊 Dashboard Widget | Quick security overview on your dashboard |
| ❤️ Site Health | Plugin status in WordPress Site Health |
| 🔧 Granular Reset | Reset specific components without losing all data |
🔒 BlockForce WP (top-level menu)
├── 📊 Overview — Login status & blocked IPs
├── 📋 Activity Log — Browse login attempts
├── 🛡️ Blocked IPs — Manage active and expired IP blocks
├── ⚙️ Settings — Configure protection options
└── 🔧 Reset & Tools — Granular reset options
- Upload the plugin to
/wp-content/plugins/blockforce-wp - Activate through the 'Plugins' screen
- Navigate to BlockForce WP in the admin sidebar
| Setting | Description | Default |
|---|---|---|
| Maximum Failed Attempts | Attempts before triggering protection | 5 |
| IP Block Duration | How long to block malicious IPs | 86400 seconds (24 hours) |
| Attack Monitoring Window | Window for tracking persistent attacks | 1800 seconds (30 minutes) |
| Log Retention (Days) | How long to keep security logs | 90 days |
| Enable IP Blocking | Block IPs after failed attempts | Enabled |
| Enable Auto URL Change | Change URL on persistent attacks | Enabled |
| Disable Debug Logs | Suppress PHP/debug output from the plugin runtime | Enabled |
| Security Alert Email | Email for notifications | Admin email |
- Clear Activity Logs — Remove all login records
- Clear Blocked IPs — Unblock all IP addresses
- Clear Attempt Tracking — Reset login counters
- Reset Login URL — Restore default wp-login.php
- Full Reset — All of the above (settings preserved)
Method 1: Wait it out Block duration expires automatically (default: 24 hours)
Method 2: Unblock via database
-- Replace {prefix} with your actual table prefix (usually wp_)
DELETE FROM wp_blockforce_blocks WHERE user_ip = 'YOUR.IP.ADDRESS';Replace YOUR.IP.ADDRESS with your actual IP.
Method 3: Reset secret login URL
DELETE FROM wp_options WHERE option_name = 'blockforce_login_slug';This restores the default wp-login.php
Method 4: Disable via FTP
Rename /wp-content/plugins/blockforce-wp to blockforce-wp-disabled
Check your email for the notification, or go to BlockForce WP → Overview.
BlockForce WP avoids rewriting public-facing WordPress login links to the secret slug. The custom URL is used in login/admin contexts while default wp-login.php and unauthenticated wp-admin access are redirected when a custom slug is active.
Yes. Activity Log and Blocked IPs show a readable user-agent name with the raw user-agent available on hover. Alert emails also include the detected user-agent name and raw user-agent string.
BlockForce WP focuses on login protection and should work with most security plugins. Test in staging first.
- WordPress 5.0+
- PHP 7.4+
- MySQL 5.6+ or MariaDB 10.0+
GPLv2 or later. See LICENSE.
RahulPalXDA
⭐ If you find this plugin useful, please consider giving it a star!