Login Security
Two Factor
Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.
Privilege Escalation
Allow administrators to temporarily grant extra access to a user of the site for a specified period of time.
Passwordless Login
Enable Passwordless Login to bypass the password and Two-Factor requirements upon login. The Passwordless Login email contains a special login that redirects to the WordPress login page. The email will be sent to the email address shown in your user profile.
Trusted Devices (Beta)
Trusted Devices identifies the devices users use to login and can apply additional restrictions to unknown devices.
Lockouts
Ban Users
Block specific IP addresses and user agents from accessing the site.
Network Brute Force
Join a network of sites that reports and protects against bad actors on the internet.
reCAPTCHA
Protect your site from bots by verifying that the person submitting comments or logging in is indeed human.
Local Brute Force
Protect your site against attackers that try to randomly guess login details to your site.
Magic Links
The Magic Links bypass lockout option allows you to login while your username or IP is locked out.
Site Check
File Change
File Change detection will tell you what files have changed in your WordPress installation alerting you to changes not made by yourself.
User Logging
Log user actions such as logging in, saving content, and making changes to the site’s software.
Site Scan Scheduling
Protect your site with automated site scans. When this feature is enabled, the site will be automatically scanned each day. If a problem is found, an email is sent to select users.
Version Management
Version Management can automatically update to new versions of WordPress, themes, and plugins, along with increasing security measures when a site’s software is outdated.
Utilities
Enforce SSL
Enforces that all connections to the website are made over SSL/TLS.
Geolocation
Improve Trusted Devices by connecting to an external location or mapping API.