We'll create fresh WordPress site with Secured WP installed. You have 20 minutes to test the plugin after that site we'll be deleted.
Adds layer of security for your WordPress site. Adds custom login page slug, enables 2FA, removes security issues. Adds remember device, counts login attempts and lock usernames if the password is wrong. Out of band e-mail is also supported – instead of entering codes, your user can use simple login link from within their e-mail client.
Woocommerce
Woocommerce is also supported for 2FA, just enable the plugin and all your customers will be asked to enable two-factor authentication.
List with currently supported features:
Login Redirection
You can change the default wp-login.php to slug of your choice. That will prevent most common hacker attacks and will harden your WordPress installation. You can redirect the original wp-login.php to the slug of your choice.
2FA login
Enable two-factor authentication for your WordPress site, and to enforce your website users, or some of them to use 2FA. Next time user logins s/he will be asked to enable the 2FA using their favorite application. Once the process is completed, every time the user logs, s/he will be asked to provide the 2FA code.
Login Attempts
This gives you the ability to prevent brute force attacks if the hacker knows the username and tries to guess the password. With this enabled, after the given amount of tries that specific user will be marked as locked, and any further attempt to use that username for login will be postponed for given amount of time.
Remember device setting
With that, user can use given device for the given amount of days without being asked to reenter the username/pass. The devices can be removed or checked from the default user settings page.
That setting is based on current setting (global) for the current moment, which means that when the day value (in settings) is changed globally, that wont reflect the already set cookies and user devices.
Example: If you set that to 10 days and there is a user which decide to use Remember Device functionality, when you change that value to 15 days, that wont increase the time for that user. Same applies for decreasing the value.