Aller au contenu principal
Extension WordPress gratuite

WordPress Login Security: the free AIFORYA extension

Protect WordPress login: brute-force defense, two-factor authentication and magic links. Free extension, no API key, no time limit.

WordPress Login Security: the free AIFORYA extension

Lock down the WordPress login page, with no API key or external service.

AIFORYA Login Security protects the most attacked page on your site — the login screen — with the essential security tools: brute-force blocking, IP address lists, two-factor authentication and passwordless login. The core of the extension works locally, with no API key, and stays free with no time limit.

  • Free and complete: published on WordPress.org, with no crippled features on the essentials of protection.
  • Local by design: brute-force defense, 2FA and IP lists trigger no network calls.
  • Open standards: TOTP two-factor authentication compatible with every free authenticator app.

Why protect the login specifically?

The login page is the default entry point of any WordPress site, and therefore the number-one target of automated attacks. Thousands of password attempts can be launched each day against wp-login.php without you noticing, until the day one of them succeeds. A strong password is no longer enough: you need to slow down attacks, lock out abusive addresses and add a second barrier that an attacker can't cross with a simple stolen credential.

Existing solutions often reserve these features for their paid version, or drown them in a heavy security suite that slows down the whole site and sends your logs to third-party servers. AIFORYA Login Security focuses on the login, keeps processing local, and leaves the key features available for free.

What the extension does

  • Brute-force protection — temporary blocking of an IP address after a configurable number of failures, with an optional progressive lockout whose duration increases with each new block.
  • IP address lists — a blacklist to block and a whitelist to always allow, managed from the admin.
  • Two-factor authentication (2FA / TOTP) — the open RFC 6238 standard, compatible with Google Authenticator, Authy, FreeOTP and any TOTP app, with single-use backup codes.
  • Passwordless login — the user receives a secure, signed, single-use link by email, with a limited validity period.
  • Login log — a local history of successful logins, failures, blocks and 2FA validations, with configurable automatic purge.
  • Security dashboard — key indicators and a 7-day activity chart, with no external dependency.
  • Uniform error messages — an anti-enumeration option so as not to reveal whether a username exists.

How it does better than competing free extensions

AIFORYA Login SecurityCommon free extensions
Two-factor authenticationIncluded (TOTP + backup codes)Often reserved for the paid version
Passwordless loginIncluded (signed magic links)Rarely offered for free
Dashboard and logLocal, 7-day activityLogs frequently sent to the cloud
Progressive lockoutIncluded and configurableFixed-duration blocking only
API key / accountNone for the coreSometimes required

Privacy and technical honesty

The core of the extension makes no network calls. Two transparent exceptions: passwordless login emails go through WordPress's native mail function (wp_mail), and an optional Support/Reviews tab can, only at your initiative and after explicit consent, send your message to the AIFORYA service. Nothing is sent without a deliberate action on your part.

Installation in 2 minutes

  1. Download the extension shown here (or install it from WordPress.org).
  2. Activate it from the Plugins menu.
  3. Open the AIFORYA Login Security menu, set up brute-force protection in the Protection tab, then enable two-factor authentication for your account.

Your login page is protected the moment you activate it, and you then strengthen each layer at your own pace.

Questions fréquentes

Historique des mises à jour

  1. v1.0.1

    Minor fixes and stability improvements.

  2. v1.0.0

    Initial release: brute-force protection with progressive lockout, IP blacklist and whitelist, TOTP two-factor authentication with backup codes, passwordless login via magic links, login log and security dashboard, uniform anti-enumeration error messages.

Une question ? Contactez-nous.