Free WordPress Plugin

SovaryxLoginSecurity

Protect your WordPress login
before attackers reach it.

A free WordPress plugin built for one purpose: stop login attacks. Five focused layers — custom login URL, IP restriction, brute force protection, reCAPTCHA, and login history — work together to keep your admin area off-limits.

Download Free See Features
  • 100% Free, forever
  • WordPress.org official
  • No frontend impact
SovaryxLoginSecurity hero
The Reality

Your login page is being attacked right now

Automated bots scan WordPress sites 24/7 looking for /wp-login.php. A single weak credential is all it takes to lose control of your site.

90,000+
WordPress sites attacked every minute
43%
of breaches start with a stolen credential
/wp-login.php
Default URL — known to every bot on the internet

Bots find your login in seconds

Every WordPress install shares the same /wp-login.php path. Bots discover and target it the moment your site goes live.

Leaked passwords are everywhere

Billions of credentials are circulating from past data breaches. If any team member reused a password, your site is already exposed.

One break-in = full takeover

A compromised admin account means malware injection, SEO spam, customer data theft — and a long, expensive recovery.

Features

Five focused layers, one job: keep attackers out

Each layer can be enabled independently. Use one, use all five — every layer makes your login dramatically harder to attack.

Custom Login URL
Default — exposed to bots
example.com/wp-login.php Public
After Sovaryx — secret path
example.com/my-secret-login Hidden
01

Custom Login URL

Move /wp-login.php to a secret URL only you know. Bots scanning the default path simply hit a 404 — your real login becomes invisible.

  • Instantly cuts bot traffic to your login by 99%+
  • Choose any path you like — change anytime
  • Works with existing bookmarks via redirect option
IP Allowlist
Access rules — wp-admin
203.0.113.42 Allow
198.51.100.0/24 Allow
185.220.101.7 Block
* (everything else) Block
02

IP Restriction

Lock the login and admin area down to specific IPs or CIDR ranges. Anyone outside your office, VPN, or trusted network simply cannot reach the form.

  • Allow single IPs, ranges (CIDR), or both
  • Optional emergency bypass for forgotten access
  • Per-rule comments to remember why you added each entry
Brute Force Protection
IP locked out for 60 minutes 185.220.101.7
5 / 5
03

Brute Force Protection

Automatically lock out any IP that fails too many login attempts. Stops password guessing and credential stuffing dead in their tracks — and notifies you when it happens.

  • Configurable threshold and lockout duration
  • Optional email alert when a lockout is triggered
  • Lockouts cleared automatically — no manual cleanup needed
reCAPTCHA on login
I'm not a robot
Log In
04

Google reCAPTCHA

Add Google reCAPTCHA (v2 or v3) to your login form in one setting. Stops automated form submissions completely — bots cannot pass the challenge.

  • Supports reCAPTCHA v2 checkbox and v3 invisible
  • Free Google API — no extra cost
  • Loads only on the login page — zero impact elsewhere
Login History
Time IP / User Status
14:02:31 203.0.113.42 / admin Success
13:58:11 185.220.101.7 / root Failed
13:58:09 185.220.101.7 / admin Locked
13:57:55 185.220.101.7 / admin Failed
05

Login History

See exactly who tried to access your site — successes, failures, and lockouts — with timestamps, IPs, and usernames. Investigate suspicious activity in seconds.

  • Searchable, filterable log inside wp-admin
  • Configurable retention period
  • Export history as CSV for audits or backups
Why Sovaryx

Built to do one thing — really well

No bloat. No upsells inside the plugin. Just focused login protection that you can install and forget about.

100% free, forever

All five features are unlocked from day one. No paid tier, no trial limits.

Zero frontend impact

Logic runs only on the login page. Your visitors and SEO scores stay untouched.

Set up in minutes

Plain-English settings, sensible defaults. Enable the layers you need with a toggle.

WordPress.org official

Distributed through the official directory — reviewed, signed, and updatable from your dashboard.

Get Started

Protected in three steps

01

Install from WordPress.org

Search "SovaryxLoginSecurity" in your WordPress plugin directory and click Install — or download the zip from WordPress.org.

02

Pick the layers you need

Open the Sovaryx settings page and toggle on the layers that fit your site — start with Custom Login URL and Brute Force.

03

Your login is protected

That's it — bots can't find your login, brute force attempts get locked out, and every attempt is logged.

FAQ

Frequently asked questions

Yes. All five features are fully unlocked, with no paid tier, no trial limit, no upsell prompts inside the plugin.

No. The plugin only executes on the login and admin login flow. Your frontend pages and visitor experience are completely unaffected.

An emergency bypass key can be generated and stored offline. If you ever lose access, drop a small file via FTP/SFTP to disable IP restriction temporarily.

It runs on any standard WordPress hosting. Requirements: WordPress 6.0+ and PHP 7.4 or higher.

Yes. Network-activate the plugin and configure per-site or network-wide rules from the network admin.

Sovaryx is intentionally narrow. If you only want login protection without a heavy all-in-one suite, this is the lightest, simplest option. If you need scanning, file change monitoring, or security headers, look at a full suite like SentinelSecurity.

Need to protect the rest of your site too?

SovaryxLoginSecurity focuses only on the login. For vulnerability scanning, file change monitoring, malware detection, and security headers, see SentinelSecurity — built by the same team.

Learn about SentinelSecurity

Lock your WordPress login down
— in under a minute

Free on WordPress.org. Five layers of focused login protection, ready to enable in two clicks.

Download Free from WordPress.org View Documentation