Login Delay Shield

WordPress is one of the most widely used content management systems on the internet, making it a frequent target for bots and hackers attempting brute-force attacks.

A brute-force attack works by systematically trying passwords until finding the correct one. Login Delay Shield defends against this by adding a configurable delay after each failed login attempt. Since successful logins are never delayed, legitimate users experience no slowdown. This approach is particularly effective against bots that send thousands of login requests, as each failed attempt forces the attacker to wait before trying the next password.

Features:

• Login delay — Fixed or random delay on failed login attempts (1-10 seconds)
• Progressive delay — Delay increases with each consecutive failed attempt from the same IP
• IP lockout — Temporarily block IP addresses after too many failed attempts
• IP whitelist — Bypass all security measures for trusted IPs (supports CIDR notation)
• Email notifications — Receive alerts when failed login thresholds are reached
• Failed login log — Track all failed attempts with a dashboard widget showing recent activity
• XML-RPC protection — Apply delays to XML-RPC authentication or block it entirely
• Log retention — Automatic cleanup of old log entries (configurable retention period)
• Accessible admin interface — WCAG 2.1 compliant with keyboard navigation and screen reader support
• Multilingual — Translated into 18 languages including French, German, Spanish, Japanese, Chinese, Arabic, and more
• Lightweight and compatible with other security plugins

This plugin is not a complete security solution — dedicated security plugins offer more comprehensive protection. However, Login Delay Shield adds an effective layer of defense that works alongside your existing security measures without conflict.

Note: This plugin was formerly known as “WP Login Delay”.