Wordfence Login Security

WORDFENCE LOGIN SECURITY

Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection, and Login Page CAPTCHA.

This plugin is being discontinued on or around July 1, 2026.

All of its features are already included in the main Wordfence plugin, which is also available to use for free. We recommend installing Wordfence to continue receiving updates, security improvements, and full functionality.

Install the full Wordfence plugin

TWO-FACTOR AUTHENTICATION

• Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.
• Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.
• Enable 2FA for any WordPress user role.
• Completely free to use, no limits or restrictions of any kind.

LOGIN PAGE CAPTCHA

• Easily enable Google ReCAPTCHA v3 on your login and registration pages.
• Stops bots from logging in without inconveniencing your site visitors.
• Robust protection against password guessing and credential stuffing attacks distributed across large IP pools

XML-RPC PROTECTION

• XML-RPC is the biggest target for WordPress attacks, but is often overlooked.
• Protect XML-RPC with 2FA or disable it altogether if it’s not needed.