Admin Safety Guard — Login Security & 2FA

Admin Safety Guard is a lightweight, high-performance WordPress security firewall dedicated to locking down your most vulnerable entry points: the login screen and the administrative dashboard. Designed with a clean UI and intelligent default settings, it instantly neutralizes brute-force attacks, credential stuffing, and bot traffic without slowing down your site’s load times.

It actively patches common vulnerabilities—such as disabling XML-RPC to prevent DDoS attacks—while giving you precise control over who accesses your site and how. From generating a custom, hidden login URL to evade automated scanners, to enforcing Two-Factor Authentication (2FA), blacklisting malicious IPs, and applying custom branding to your login page, Admin Safety Guard provides an uncompromising frontline defense that is incredibly easy to configure.

🌟 Admin Safety Guard Pro

Admin Safety Guard Pro elevates your site’s defense into a comprehensive, automated security operations center. Built for power users, agencies, and e-commerce sites requiring strict access control, the Pro tier unlocks enterprise-grade site hardening and deep white-label customization.

It moves beyond basic login protection by introducing proactive defense mechanisms, including Smart 404 Blocking to catch hackers during reconnaissance, comprehensive File and Database Security to protect core assets, and automated Malware Scanning to detect hidden threats. Additionally, Pro grants you granular, role-based control over user sessions, advanced CAPTCHA integrations for ultimate spam prevention, and a suite of flexible design tools to deliver a fully branded, highly secure, and seamless login experience for your clients and team members.

Why Use an Admin Safety Guard?

Because the default WordPress leaves your front door wide open. With automated bots, brute-force attacks, and credential stuffing on the rise, simply having a strong password is no longer enough.

Admin Safety Guard is engineered to bridge the gap between enterprise-level security and everyday usability, providing a fortified shield around your website without the bloated code that slows down your server.

Here is why site owners, agencies, and developers choose Admin Safety Guard:

• Proactive, Frontline Defense: Rather than waiting to clean up after a hack, Admin Safety Guard stops attacks before they breach your server. By hiding your login page with Custom URLs and instantly blocking bots via Smart 404 Blocking and Firewalls, hackers can’t attack what they can’t find.
• Zero Performance Drag: Many security plugins are notoriously heavy, dragging down site speed and ruining SEO. Admin Safety Guard is built to be incredibly lightweight, running silently in the background to protect your site without consuming massive server resources.
• ** Uncompromising Login Security:** The wp-admin dashboard is the most targeted area of any WordPress site. With enforced Two-Factor Authentication (2FA), explicit login limits, and seamless reCAPTCHA integration, you ensure that only verified, legitimate users can access your backend.
• Client-Ready Professionalism: Security shouldn’t look intimidating. With built-in custom branding, you can replace the generic WordPress logo with your own, adjust the styling, and deliver a seamless, white-labeled login experience that builds trust with your clients.
• Set-and-Forget Convenience: You don’t need a degree in cybersecurity to protect your website. Admin Safety Guard ships with a clean UI and intelligent smart defaults, allowing you to instantly deploy complex guardrails—like disabling XML-RPC or locking down database files—with just a few simple clicks.
• Total Visibility and Control: Never guess what is happening on your site. With real-time Activity Logs and granular IP blocking, you maintain complete forensic oversight over every login attempt, system change, and blocked threat.

👥 Who Should Use Admin Safety Guard?

Admin Safety Guard is perfect for users who need more control, security, and customization in their WordPress admin area:

👩‍💻 Freelancers & Developers: Add backend security and branding to client sites—no heavy coding. 🏢 Agencies & Teams: Secure multiple websites with a single workflow and consistent branding. 🔒 Site Owners: Protect dashboards from brute-force attacks and unauthorized logins. 🧩 Plugin/Theme Authors: Add layered protection in demo or test environments. 📈 Online Businesses: Secure customer data with 2FA, CAPTCHA, and password protection. 🎓 Educators & Bloggers: Maintain a professional look while increasing security.

Free Feature Details

👤 Hide Admin Bar (With Conditions): Hide the admin bar selectively for specific users or roles. 📊 Dashboard Overview: Visualize user activity and security stats in one glance. 🔗 Change Login URL: Customize the default wp-login.php to block automated bots. 🔁 Redirect After Login/Logout: Redirect users to any page after login/logout. 📋 Limit Login Attempts: Block repeated failed logins to prevent brute-force attacks. 🤖 CAPTCHA Protection: Stop bots with reCAPTCHA or similar human verifications. 🕵️‍♂️ Login Logs & Activity Tracking: Track user login times and backend actions. ⛔ IP Blocking: Block access by IP address to prevent hostile logins. 🔐 Two-Factor Authentication (2FA): Add extra verification layers to secure logins. 🛂 Password Protection: Protect private pages or areas with a password. ⚙️ Disable XML-RPC: Disable vulnerable XML-RPC endpoints to stop exploits. 🖼️ Custom Logo on Login Form: Replace WordPress logo with your brand. 🏷️ Custom Branding: Apply your own design across login and admin pages.

🔐 Pro Feature Details

🔑 Passwordless Login: Secure email-based login with one-time magic links—no password required. 📱 2FA via Mobile App: Add app-based Two-Factor Authentication (Google Authenticator / Authy). 🧩 CSRF Protection: Prevent Cross-Site Request Forgery attacks with token verification. 🗃️ Database Table Prefix Check: Detects and helps change the insecure wp_ prefix. 🌐 Whitelist IP Addresses: Restrict admin access to trusted IPs only. 🧑‍💻 Hide Admin Bar (Conditional): Show or hide admin bar for specific roles or users. 🗂️ WP Directory File Permissions Check: Scans and verifies file and directory permissions. 🌍 Social Login: Allow users to log in with Google, Facebook, or Twitter accounts. 🚫 Disallow Unauthorized REST Requests: Restrict REST API access conditionally. 💪 Password Strength Tool: Enforce strong password rules for better protection. 🎨 Provide Login Template: Instantly apply stylish, ready-to-use login templates. 🧰 Customize Design Pro: Fully customize admin and login design with a simple UI. 📧 Email Notification: Receive and customize security alerts directly to your inbox.

Explore Pro Features: Admin Safety Guard Pro

Support

For any issues, questions, or feature requests, please reach out via Support.

External Services

This plugin uses the following third-party and external services:

1) Google reCAPTCHA (Google LLC)

Purpose: Used to protect forms from spam and automated abuse.

When it is used: – When reCAPTCHA is enabled in plugin settings – On login forms and support forms protected by reCAPTCHA

What data is sent: – User IP address – reCAPTCHA response token generated by Google – Browser information as required by Google reCAPTCHA

Service provider: Google LLC

Terms of Service: https://policies.google.com/terms

Privacy Policy: https://policies.google.com/privacy

2) ThemePaste API (Plugin Author Service)

Purpose: Used for: – Collecting optional admin email addresses for plugin updates and notifications – Sending support requests from the plugin support form – Collecting optional feedback when a user attempts to deactivate the plugin – Managing plugin-related notifications (only if the user provides contact details)

When it is used: – When a user submits the built-in support form – When a user opts to send diagnostic information – Submitting the optional deactivation feedback form

What data is sent: – Name – Email address – Phone number (if provided) – Message content – Site URL – Plugin name – Feedback text (if provided) – Support message content – Deactivation reason (if provided)

No data is sent without user action.

Service provider: ThemePaste.com

Terms of Service: https://themepaste.com/terms-condition

Privacy Policy: https://themepaste.com/privacy-policy

Development / Source Code

This plugin includes compiled JavaScript bundles in: – assets/admin/build/*.bundle.js

The original (human-readable) source files are included in this plugin under: – spa/admin/

Build Tools – Node.js (LTS recommended) – npm – Webpack + Babel

Source Entry Points The admin SPA bundles are built from the following entry points:

• spa/admin/login-template/Main.jsx -> assets/admin/build/loginTemplate.bundle.js
• spa/admin/login-logs-activity/Main.jsx -> assets/admin/build/loginLogActivity.bundle.js
• spa/admin/analytics/Main.jsx -> assets/admin/build/analytics.bundle.js
• spa/admin/security-core/Main.jsx -> assets/admin/build/securityCore.bundle.js
• spa/admin/firewall-malware/Main.jsx -> assets/admin/build/firewallMalware.bundle.js
• spa/admin/privacy-hardening/Main.jsx -> assets/admin/build/privacyHardening.bundle.js
• spa/admin/monitoring-analytics/Main.jsx -> assets/admin/build/monitoringAnalytics.bundle.js

Install Dependencies From the plugin root directory (or the directory where package.json exists):

1) Install dependencies: npm install

Build (Production) To generate the production bundles:

npm run build

Output Location Webpack outputs the compiled bundles to:

• assets/admin/build/[name].bundle.js

Important Notes – Do not edit files in assets/admin/build/ directly. They are generated files. – Edit the source files under spa/admin/ and re-run the build command. – For WordPress.org distribution, production builds should be used (mode=production).

Links

Website Documentation Pro Version Facebook Pinterest LinkedIn Instagram