DoLogin Security

In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.

Limit the number of login attempts through both the login and the auth cookies.

• Two-factor Authentication login.

• Text SMS message passcode for 2nd step verification support.

• Google reCAPTCHA.

• GeoLocation (Continent/Country/City) or IP range to limit login attempts.

• Passwordless login link.

• Support Whitelist and Blacklist.

• GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).

• WooCommerce Login supported.

• XMLRPC gateway protection.

API

• Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : ''; to generate one passwordless login link for the current user.

• Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note/tip for this generation', $user_id ) : ''; to generate a passwordless login link for the user which ID is $user_id.

The generated one-time used link will be expired after 7 days.

• Define const SILENCE_INSTALL to avoid redirecting to setting page after installtion.

CLI

• List all passwordless links: wp dologin list

• Generate a passwordless link for one username (for the login name root): wp dologin gen root

• Delete a passwordless link w/ the ID in list (for the record w/ ID 5): wp dologin del 5

How GeoLocation works

When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist/blacklist to decide if allow login attempts.

Privacy

The online IP lookup service is provided by https://www.doapi.us. The provider’s privacy policy is https://www.doapi.us/privacy.

Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.