Login Guard

Brute force protection with progressive lockouts, two-factor authentication, honeypot fields, and comprehensive login logging.

Brute Force Protection

Login Guard monitors all authentication attempts to wp-login.php and xmlrpc.php. After a configurable number of failed attempts, the source IP is temporarily locked out.

Progressive Lockouts

Repeated offenders face increasingly longer lockout periods:

Lockout #      Duration     After N Failed Attempts
1st lockout    5 minutes    5 failures
2nd lockout    15 minutes   5 more failures after unlock
3rd lockout    1 hour       5 more failures after unlock
4th+ lockout   24 hours     Any further failures

All thresholds and durations are configurable from VistoShield → Login Guard → Settings.

Tip: The lockout message shown to blocked users is customizable. You can display a generic error to avoid revealing that the lockout is IP-based.
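The schedule above, as an added in-memory model of how the per-IP counters advance (illustration only, not VistoShield's own code). The IP addresses used are constructed, and the rule that a successful login clears the counter is an assumption the page does not state.

```python
from dataclasses import dataclass

# Schedule taken from the Progressive Lockouts table:
# 1st lockout 5 min, 2nd 15 min, 3rd 1 h, 4th and later 24 h.
LOCKOUT_DURATIONS = [5 * 60, 15 * 60, 60 * 60, 24 * 60 * 60]
FAILURE_THRESHOLD = 5  # failures needed for the 1st, 2nd and 3rd lockout


@dataclass
class IpState:
    failures: int = 0        # failed attempts since the last lockout expired
    lockouts: int = 0        # lockouts this IP has already received
    locked_until: float = 0  # Unix time at which the current lockout ends


class ProgressiveLockout:
    """Model of the lockout schedule; one IpState per source IP."""

    def __init__(self, threshold=FAILURE_THRESHOLD, durations=LOCKOUT_DURATIONS):
        self.threshold = threshold
        self.durations = durations
        self.state = {}

    def is_locked(self, ip, now):
        st = self.state.get(ip)
        return st is not None and now < st.locked_until

    def record_failure(self, ip, now):
        """Record one failed login from ip at time now (Unix seconds).

        Returns the seconds the IP is locked out after this attempt: 0 while
        still below the threshold, the full duration if this attempt triggered
        a lockout, or the remaining time if the IP was already locked (the
        attempt is rejected and does not advance the counter).
        """
        st = self.state.setdefault(ip, IpState())
        if now < st.locked_until:
            return st.locked_until - now
        st.failures += 1
        # From the 4th lockout on, any single further failure relocks for 24 h.
        needed = 1 if st.lockouts >= 3 else self.threshold
        if st.failures < needed:
            return 0
        duration = self.durations[min(st.lockouts, len(self.durations) - 1)]
        st.locked_until = now + duration
        st.lockouts += 1
        st.failures = 0
        return duration

    def record_success(self, ip):
        # Assumption: a successful login clears the IP's failure history.
        self.state.pop(ip, None)
```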

Two-Factor Authentication (2FA)

Login Guard provides TOTP-based two-factor authentication compatible with any authenticator app (Google Authenticator, Authy, 1Password, etc.).

Setup

  1. Navigate to VistoShield → Login Guard → Two-Factor
  2. Click Enable 2FA for each user role that should require it
  3. Each user scans a QR code with their authenticator app during next login
  4. Users enter the 6-digit code after their password on each subsequent login

2FA Settings

Setting             Options                                Default
Enforce for roles   Administrator, Editor, Author, etc.    Administrator only
Grace period        0–30 days                              7 days (users must set up 2FA within this period)
Recovery codes      Enabled / Disabled                     Enabled (10 one-time codes)
Remember device     0–90 days                              30 days

Important: Generate recovery codes before enforcing 2FA. If a user loses their authenticator device without recovery codes, an administrator must manually reset their 2FA from the Users page.

Honeypot

The login form includes a hidden honeypot field invisible to human users. Bots that auto-fill all form fields will populate the honeypot, triggering an immediate block without counting as a failed login attempt.

The honeypot field name is randomized on each page load to prevent bot developers from hardcoding exclusions.

Login Logs

Every authentication attempt is logged with full details:

Field         Description
Timestamp     Date and time of the attempt
IP Address    Source IP with country flag
Username      The username attempted (exists or not)
Status        Success, Failed, Locked Out, 2FA Failed, Honeypot
User Agent    Browser or bot User-Agent string

Logs can be filtered by status, date range, IP address, or username. Export to CSV is available for all log views.

Notifications

Configure email alerts for login events:

  • Successful admin login — Get notified when an administrator logs in
  • Lockout triggered — Alert when an IP is locked out
  • Login from new IP — Notify when a known user logs in from a previously unseen IP
  • Login from new country — Alert on geographically anomalous logins

Server Integration

When the VistoShield Linux daemon is running on the same server, Login Guard can report repeated offenders to the server-level firewall. After a configurable number of lockouts, the IP is sent to the daemon for a server-wide block, protecting all sites on the server.