Description
WORDFENCE LOGIN SECURITY
Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.
Are you looking for comprehensive WordPress Security? Check out the full Wordfence plugin.
TWO-FACTOR AUTHENTICATION
- Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.
- Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.
- Enable 2FA for any WordPress user role.
- Completely free to use, no limits or restrictions of any kind.
LOGIN PAGE CAPTCHA
- Easily enable Google ReCAPTCHA v3 on your login and registration pages.
- Stops bots from logging in without inconveniencing your site visitors.
- Robust protection against password guessing and credential stuffing attacks distributed across large IP pools
XML-RPC PROTECTION
- XML-RPC is the biggest target for WordPress attacks, but is often overlooked.
- Protect XML-RPC with 2FA or disable it altogether if it’s not needed.
Captures d’écrans
Take login security to the next level with two-factor authentication. 
Logging in is easy with Wordfence 2FA. 
Configuration options include XML-RPC protection and login page CAPTCHA.
Installation
Secure your website using the following steps to install Wordfence:
- Install Wordfence Login Security automatically or by uploading the ZIP file.
- Activate the Wordfence Login Security through the ‘Plugins’ menu in WordPress. Wordfence Login Security is now activated.
- Go to the ‘Login Security’ menu and activate two-factor authentication and configure other settings.
To install Wordfence Login Security on WordPress Multisite installations:
- Install Wordfence Login Security via the plugin directory or by uploading the ZIP file.
- Network Activate Wordfence Login Security. This step is important because until you network activate it, your sites will see the plugin option on their ‘Plugins’ menu. Once activated, that option disappears.
- Now that Wordfence Login Security is network activated, it will appear on your Network Admin menu for super administrators and individual sites for users who have permission to activate 2FA.
Avis
22 février 2025
It is one of the few extensions that allows you to do this for free, I am very grateful to everyone at WordFence who works on this plugin. Thank you!
1 novembre 2024
<font _mstmutation= »1″></font>The security of the admin panel is protected, thanks for such a shield against hacking
13 juin 2024
I have just installed it and look forward to complete its configuration soonest. From a brief outlook on the plugin functions they are sufficient and practical even for Woo users, if it is a case. I am only on a slighter disappointed side since the FIDO Trust Key option for 2FA isn’t on a list – for this I wish the developers to notice that this kind of security is simply ‘a Must’ these days for a reputable 2FA applications. Please add this function ASAP – even if in a paid plugin variation!
6 février 2024
After testing several protections for different sites, this is might choice now.
No issues with non techie clients getting blocked, and no bruteforce attacks on our sites. Thanks Wordfence for this lightweight alternative to your full fledged security plugin.
4 février 2024
It’s a good 2FA plugin and recaptcha also works alright. But basic login security is missing. It doesn’t stop bruteforce attack by limiting login attempts. That’s a necessary thing it should have but it doesn’t.
16 novembre 2023
It’s an excellent Multi-factor authentication plugin. I’m really happy with it. I previously used this feature from within Wordfence but have switched to using Fail2ban for handling brute forcing attacks. I use Wordfence login security to protect my admin account and to give WooCommerce customers a nice way to protect their accounts if they choose to.
My only (minor) complaint is that the Wordfence Login Security menu link should be nested under the Settings menu, not a top level menu link. An option to do that would be nice to help keep the admin menu clean.
Contributeurs/contributrices & développeurs/développeuses
« Wordfence Login Security » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
“Wordfence Login Security” a été traduit dans 2 locales. Remerciez l’équipe de traduction pour ses contributions.
Traduisez « Wordfence Login Security » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Journal des modifications
1.1.15 – January 15, 2025
- Change: Reworked setting caching to avoid issues with some object caches
1.1.14 – January 2, 2025
- Improvement: General compatibility improvements and better error handling for PHP 8+
1.1.12 – June 6, 2024
- Change: Revised the formatting of TOTP app URLs to prioritize the site’s own URL for better sorting and display
- Fix: Fixed the last captcha column in the users page so it no longer displays « (not required) » on 2FA users since that no longer applies
1.1.11 – April 3, 2024
- Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
1.1.10 – March 11, 2024
- Change: Removed the extra site link from the CAPTCHA verification email message to avoid confusion with the verify link
- Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis)
1.1.9 – February 14, 2024
- Fix: Fixed an issue where user profiles with a selected locale different from the site itself could end up loading the site’s locale instead
1.1.8 – January 2, 2024
- Fix: Fixed an issue where a login lockout on a WooCommerce login form could fail silently
1.1.7 – November 6, 2023
- Fix: Compatibility fix for WordPress 6.4 on the login page styling
1.1.6 – October 30, 2023
- Fix: Addressed an issue with multisite installations when the wp_options tables had different encodings/collations
1.1.5 – October 23, 2023
- Fix: 2FA AJAX calls now use an absolute path rather than a full URL to avoid CORS issues on sites that do not canonicalize www and non-www requests
- Fix: Addressed a race condition where multiple concurrent hits on multisite could trigger overlapping role sync tasks
- Fix: Improved performance when viewing the user list on large multisites
- Fix: Fixed a UI bug where an invalid code on 2FA activation would leave the activate button disabled
- Fix: Reverted a change on error modals to bring back the additional close button for better accessibility
1.1.4 – July 12, 2023
- Fix: Changed text domain to wordfence-login-security to match plugin slug as required by WordPress
- Fix: Added translation support for additional strings
1.1.3 – June 21, 2023
- Improvement: Added translation support for strings in JavaScript
- Improvement: Updated JavaScript libraries
- Improvement: Added « Text Domain » header to support translation functionality
1.1.2 – March 27, 2023
- Fix: Prevent double-clicking when activating 2FA to avoid an « already set up » error
1.1.1 – March 1, 2023
- Improvement: Further improved performance when viewing 2FA settings and hid user counts by default on sites with many users
- Fix: Adjusted style inclusion and usage to prevent missing icons
- Fix: Avoided using the ctype extension as it may not be enabled
1.1.0 – February 14, 2023
- Improvement: Added 2FA management shortcode and WooCommerce account integration
- Improvement: Improved performance when viewing 2FA settings on sites with many users
- Fix: Ensured Captcha and 2FA scripts load on WooCommerce when activated on a sub-site in multisite
- Fix: Prevented reCAPTCHA logo from being obscured by some themes
- Fix: Enabled wfls_registration_blocked_message filter support for WooCommerce integration
1.0.12 – November 28, 2022
- Improvement: Added feedback when login form is submitted with 2FA
- Fix: Restored click support on login button when using 2FA with WooCommerce
- Fix: Corrected display issue with reCAPTCHA score history graph
- Fix: Prevented errors on PHP caused by corrupted login timestamps
1.0.11 – September 19, 2022
- Improvement: Hardened 2FA login flow to reduce exposure in cases where an attacker is able to obtain privileged information from the database
1.0.10 – June 2, 2022
- Improvement: Added option to toggle display of last login column on WP Users page
- Improvement: Improved autocomplete support for 2FA code on Apple devices
- Fix: Corrected issue that prevented reCAPTCHA scores from being recorded
- Fix: Prevented invalid JSON setting values from triggering fatal errors
- Fix: Made text domains consistent for translation support
- Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA
1.0.9 – October 12, 2021
- Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on the WooCommerce registration form
- Fix: Corrected theme incompatibilities with WooCommerce integration
1.0.8 – July 19, 2021
- Fix: WooCommerce integration notice can now be dismissed on any admin page
- Change: Updated messaging around 2FA for WooCommerce roles
1.0.7 – July 8, 2021
- Improvement: Added 2FA and reCAPTCHA support for WooCommerce login and registration forms
- Improvement: Added option to require 2FA for any role
- Improvement: Added logic to automatically disable NTP after repeated failures and option to manually disable NTP
- Change: Updated reCAPTCHA setup note
- Change: Updated plugin headers for compatibility with WordPress 5.8
1.0.6 – January 14, 2021
- Improvement: Made a number of WordPress 5.6 and jQuery 3.x compatibility improvements.
- Improvement: Replaced the terms whitelist and blacklist with allowlist and blocklist.
- Fix: Sync roles to new sites in multisite configurations
- Fix: Corrected 2FA config links in notices for multisite
- Fix: Corrected inactive user count when users with 2FA have been deleted
- Fix: reCAPTCHA will no longer block requests with missing tokens in test mode
1.0.5 – January 13, 2020
- Changed: AJAX endpoints now send the application/json Content-Type header.
- Changed: Added compatibility messaging for reCAPTCHA when WooCommerce is active.
- Fixed: The « Require 2FA for all administrators » notice is now automatically dismissed if an administrator sets up 2FA.
1.0.4 – November 6, 2019
- Fix: Added styling fix to the 2FA code prompt for WordPress 5.3.
- Fix: Added compatibility tags for WP Tide.
1.0.3 – July 16, 2019
- Improvement: Added additional information about reCAPTCHA to its setting control.
- Improvement: Added a constant that may be overridden to customize the expiration time of login verification email links.
- Improvement: reCAPTCHA keys are now tested on saving to prevent accidentally inputting a v2 key.
- Improvement: Added a setting to control the reCAPTCHA human/bot threshold.
- Improvement: Added an option to trigger removal of Login Security tables and data on deactivation.
- Improvement: Reworked the reCAPTCHA implementation to trigger the token check on login/registration form submission to avoid the token expiring.
- Fix: Widened the reCAPTCHA key fields to allow the full keys to be visible.
- Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error.
- Fix: Added handling for reCAPTCHA’s JavaScript failing to load, which previously blocked logging in.
- Fix: Fixed the functionality of the button to send 2FA grace period notifications.
- Fix: Fixed a missing icon for some help links when running in standalone mode.
1.0.2 – May 30, 2019
- Initial release