plugin-icon

eSherpa Login Guard

Intelligent login protection with honeypot detection, WordPress hardening, and a clear security admin overview.
Versão
3.0.0
Última atualização
Mar 3, 2026
eSherpa Login Guard

eSherpa Login Guard effectively and intelligently protects your WordPress site from brute-force attacks – Swiss precision, completely without external dependencies.

Key Features:

  • Honeypot-first bot defense: JavaScript Honeypot detects non-browser bots and triggers immediate lockout logic.
  • Protected username trap: Immediate lockout for defined usernames (e.g., “admin”, “test”), independent of the regular counter.
  • Proactive User-Agent blocking: Block known bot signatures before login processing (exact match or substring mode).
  • Blocked User-Agent attempt log: Separate log table for blocked User-Agent requests including matching pattern.
  • WordPress hardening options: Disable XML-RPC (with fake-user honeypot response), hide REST user endpoint, and block author archive enumeration.
  • Optional bot password capture: Store attempted passwords from detected JS-honeypot bots for incident analysis.
  • Neutral login error option: Hide username enumeration by using neutral WordPress login error responses.
  • Live security visibility: Live alarm in admin, lockout badge in menu, and detailed failed-attempt logs with IP/User-Agent filters.
  • Progressive lockout durations: Lockout time increases on repeat offenses (e.g., 15 30 60 120 minutes).
  • Login page guidance: Clear countdown and “X attempts remaining” notice for transparent lock state.
  • Privacy-compliant: IPs stored only as anonymized hashes.
  • Automatic cleanup of old failed attempts (configurable).
  • Mobile-friendly admin tables: Horizontal scrolling for wide security tables on small screens, including swipe hint.
  • Email notification to admin on attacks against existing users.

Developed in Switzerland – fast, clean, performant, and multilingual ready.

Compatible with WordPress 6.9 and tested up to PHP 8.5.3.

Freeem planos pagos
Ao instalar, você concorda com os Termos de Serviço do WordPress.com e com os Termos do plugin de terceiros.
Testado até
WordPress 6.9.4
Esse plugin está disponível para download para o seu .