Wordfence Login Security Plugin

Two-Factor Authentication, XML-RPC Protection, and Login Page CAPTCHA

If for some reason you aren't running the full Wordfence plugin, use Wordfence Login Security for robust, layered protection from brute force attacks.

Get Wordfence Login Security

Wordfence Login Security contains a small subset of the features available in the full Wordfence plugin. Looking for comprehensive WordPress security?

Get Wordfence

Two-Factor Authentication

Completely Free with No Restrictions

Two-factor authentication, or 2FA, adds a second layer of security to your users' accounts. It requires them to not only enter their password, but also a second piece of information only they have access to. An account protected by 2FA is virtually impossible to compromise. Even if an attacker discovers your username and password somehow, they still can't log in.

  • Wordfence Login Security: Two-Factor Authentication step 1 graphic
  • Wordfence Login Security: Two-Factor Authentication step 2 graphic

XML-RPC Protection

The Most Common Target for Attackers

XML-RPC is an interface that allows WordPress to communicate with other applications. It is, unfortunately, often overlooked by WordPress users when discussing login security. "Just move your login page and you're secure!" they say with bravado. Unfortunately, they are often wrong. In fact, the majority of login attempts blocked by Wordfence hit XML-RPC, not the site's login page. Wordfence Login Security lets you secure XML-RPC by protecting it with 2FA or disabling it altogether.

Wordfence Login Security: XML-RPC graphic

Login Page CAPTCHA

Stay a Step Ahead of Bots

In recent years, the size of botnets available for attackers has exploded. In the context of WordPress login security, this means that attackers have more compromised machines and IPs to use in their attacks. By spreading attacks across much larger pools of IP addresses, they are able to dial the number of login attempts made by each IP address down so far that they evade even the most aggressive login attempt limiting rules, at least at the site level. Wordfence Login Security lets you enable CAPTCHA on your login and registration pages, adding a critical security layer to your site.

Wordfence Login Security: CAPTCHA graphic