WPEPP – Login Security, Password Protect & Login Page Customizer

Description

WPEPP best for Best Login security, password protected content, block AI crawlers, limit login attempts & login customizer with live preview. Total site protection! WPEPP is the all-in-one WordPress login security and login page customizer plugin. It combines everything you need to limit login attempts, block brute force attacks, hide the login page, password protect content, and customize the WordPress login page — all from a single, modern dashboard with real-time live preview.

Stop installing five separate plugins. WPEPP replaces your login limiter, login page customizer, password form styler, content restriction plugin, and AI crawler blocker with one lightweight solution that loads zero external scripts on the front end.

View Details | View Pricing

🔐 Limit Login Attempts & Brute Force Protection

Protect your WordPress login form from brute force attacks with built-in login attempt limiting and IP-based lockouts.

• Login Attempt Limiter — automatically block IP addresses after repeated failed login attempts
• Configurable lockout — set the maximum number of failed attempts and lockout duration in minutes
• Login Honeypot — invisible bot trap field catches automated brute force login attacks instantly
• Registration Honeypot — hidden spam trap on the WordPress registration form blocks fake signups
• Registration Rate Limiter — prevent mass registration spam with per-IP rate limiting
• IP-based tracking — every failed login is tracked by IP address for accurate blocking

🛡️ Hide Login Page & Custom Login URL (Pro)

Move your default WordPress login page to a secret URL so bots and attackers can never find it.

• Custom Login URL — change wp-login.php to any URL you choose (e.g., /my-secret-login)
• Hide Default Login — the original wp-login.php returns a 404, invisible to attackers
• After-Login Redirect — send users to a specific page after successful login
• Auto-Login Links — generate secure one-time login tokens for specific users

🔑 Two-Factor Authentication – 2FA (Pro)

Add an extra layer of security to every WordPress login with TOTP-based two-factor authentication.

• Authenticator App Support — works with Google Authenticator, Authy, Microsoft Authenticator, and any TOTP app
• QR Code Setup — users scan a QR code to set up 2FA in seconds
• Recovery Codes — 8 one-time backup codes in case a user loses their authenticator device
• Role-Based Enforcement — enable 2FA for specific user roles (administrators, editors, etc.)
• RFC 6238 Compliant — industry-standard time-based one-time password implementation

🤖 Google reCAPTCHA Integration (Pro)

Add Google reCAPTCHA to your login and registration forms to stop bots before they even try.

• Login Form reCAPTCHA — prevent automated login attempts with CAPTCHA verification
• Registration Form reCAPTCHA — block bot signups on the WordPress registration page
• Easy Setup — just enter your Site Key and Secret Key to activate

📊 Login Activity Log (Pro)

Monitor every login attempt on your WordPress site with a detailed activity log.

• Complete Logging — records every successful, failed, and locked-out login attempt
• IP Address Tracking — see which IPs are attempting to access your site
• User-Agent Detection — identify the browser or bot behind each login attempt
• Status Filtering — filter the log by success, failure, or lockout status
• Timestamp Records — exact date and time of every login event

🛑 Block AI Crawlers & Bots

Prevent AI companies from crawling and training on your website content. Block GPTBot, CCBot, Google-Extended, and more.

• One-Click AI Blocker — toggle known AI crawlers on or off from a simple checklist
• robots.txt Rules — automatically generates and injects bot-blocking rules into your robots.txt
• User-Agent Blocking — returns 403 Forbidden to blocked AI crawlers at the server level
• Rule Preview — see exactly what rules will be added before saving

🔒 Lock Entire Site — Site Access Control

Need to lock your entire WordPress site? WPEPP gives you two powerful ways to do it — no plugins or code required.

Admin Only Mode — restricts the entire site to logged-in users only. Anyone who is not signed in is automatically redirected to the login page or shown a login popup. Perfect for intranet sites, staging environments, or member communities.

Site Password Protection — lock the whole site behind a single shared password. Visitors must enter the password before they can view any page. Logged-in administrators always bypass it automatically. Set a cookie duration so returning visitors are not asked again.

• Admin-Only Mode — lock the entire front end so only logged-in users can view it
• Site Password — require a single password for all visitors to access the site
• Configurable Cookie Duration — set how many days the access cookie lasts before asking again
• Bypass for Admins — logged-in administrators always skip the password gate automatically
• Custom Access Message — show a branded message above the password form
• Login Popup Option — show a blurred login overlay instead of a redirect (Pro)
• Page Whitelist — keep login, register, and selected pages accessible while the rest is locked

🔐 Password Protect Pages & Content Lock (Pro)

Lock any WordPress post, page, or custom post type so only authorized users can see the content.

• Per-Post Toggle — lock individual posts from the Gutenberg editor sidebar or Classic Editor meta box
• Multiple Lock Actions — choose from login link, inline password form, full-page popup with blur, or redirect
• Role-Based Locking — restrict content to specific user roles (subscribers, members, etc.)
• Auto-Expiry Unlock — automatically unlock content at a scheduled date and time
• Excerpt on Archives — optionally show a teaser excerpt on blog listing pages
• Works Everywhere — compatible with posts, pages, and all registered custom post types

📋 Conditional Content Display

Show or hide any post or page based on smart conditions — without shortcodes.

• User Status — show content only to logged-in or logged-out users (Free)
• User Role — target administrators, editors, subscribers, or any custom role (Pro)
• Device Type — show different content on desktop, tablet, or mobile (Pro)
• Time & Date — schedule visibility by time range, date range, day of week, or recurring schedule (Pro)
• Browser Detection — target Chrome, Firefox, Safari, Edge, or Opera users (Pro)
• URL Parameters — show content based on query string values like ?ref=email (Pro)
• Referrer Source — display content based on where the visitor came from (Pro)
• REST API Compatible — hidden content is stripped from API responses for headless WordPress setups
• 12 Conditions Total — the most flexible conditional visibility system available

👥 Member-Only Pages

Create pages visible only to logged-in members — no membership plugin required.

• Dedicated Page Template — assign the “Member Only” template to any WordPress page
• Built-In Login Form — visitors see a login form; authenticated users see the real content
• Zero Configuration — works out of the box, no setup needed

🎨 Login Page Customizer with Live Preview

Customize the default WordPress login page (wp-login.php) with a visual editor and real-time preview.

• Background Options — solid color, CSS gradient, background image, or background video with overlay
• Custom Logo — upload your own logo image, set its size, or use a text-based logo with custom font
• Form Styling — customize background, border, width, padding, and box shadow of the login form
• Field Styling — change input background, text color, border, padding, height, and focus state
• Button Styling — customize background, text color, font size, border radius, and hover state
• Heading & Links — style the form heading text and “Lost your password?” link
• Error Messages — customize the color, font, background, and padding of login error messages
• Register & Lost Password Pages (Pro) — same visual editor for wp-login.php?action=register and ?action=lostpassword
• Live Preview — every change is visible in real time before you save

🎯 Password-Protected Form Styling

Replace the plain WordPress password form with beautiful, branded designs using a real-time visual editor.

• 4 Unique Form Styles — 2 free styles, 2 additional styles with Pro
• Custom Text — add header and description text above or below the password form
• Button & Label Text — change the submit button label, input placeholder, and error messages
• Social Media Icons — add links to Facebook, X (Twitter), YouTube, Instagram, LinkedIn, Pinterest, and Tumblr
• Icon Controls — set position (top, middle, bottom), alignment, and visual style
• 10+ One-Click Templates — import pre-built designs like Minimal, Modern Dark, Corporate, Nature, Gradient Wave, and more

🛡️ Security Hardening

Reduce your WordPress attack surface with built-in hardening tools.

• Disable XML-RPC — shut down the xmlrpc.php endpoint used by bots for brute force and DDoS attacks
• Hide WordPress Version — remove the generator meta tag and version query strings from your source code
• Disable REST API User Enumeration — block the /wp/v2/users endpoint to prevent username discovery
• IP Blocklist & Allowlist (Pro) — manually block or allow specific IP addresses
• Disposable Email Blocker (Pro) — prevent registrations with temporary email addresses
• Email Domain Whitelist/Blacklist (Pro) — restrict or allow signups by email domain
• Admin Approval for Registrations (Pro) — require manual admin approval before new users can log in

✅ Free vs Pro Comparison

Login Security

• Limit Login Attempts & IP Lockout — Free & Pro
• Login Honeypot (Bot Trap) — Free & Pro
• Registration Honeypot — Free & Pro
• Registration Rate Limiter — Free & Pro
• Hide Login Page (Custom Login URL) — Pro
• Two-Factor Authentication (2FA) — Pro
• Google reCAPTCHA (Login + Register) — Pro
• Login Activity Log — Pro
• IP Blocklist / Allowlist — Pro
• Disposable Email Blocker — Pro
• Email Domain Whitelist/Blacklist — Pro
• Admin Registration Approval — Pro

Security Hardening

• Disable XML-RPC — Free & Pro
• Hide WordPress Version — Free & Pro
• Disable REST API User Enumeration — Free & Pro
• AI Crawler & Bot Blocker — Free & Pro

Content Protection

• Site-Wide Access Control — Free & Pro
• Admin-Only Mode — Free & Pro
• Site-Wide Password — Free & Pro
• Content Lock (Per-Post) — Pro
• Auto-Expiry Unlock — Pro
• Role-Based Content Lock — Pro
• Conditional Display (Login Status) — Free & Pro
• Conditional Display (12 Conditions) — Pro
• Member-Only Page Template — Free & Pro

Login Page Customizer

• Login Page Styling (Background, Logo, Form) — Free & Pro
• Login Page Advanced Styling + Custom CSS — Pro
• Register Page Styling — Pro
• Lost Password Page Styling — Pro

Password Form Styling

• Password Form – Styles 1 & 2 — Free & Pro
• Password Form – Styles 3 & 4 — Pro
• Custom Text, Labels & Social Icons — Free & Pro
• Templates Gallery (3 Free / 10+ Pro) — Free & Pro

Preview & Admin

• Real-Time Live Preview — Free & Pro
• Desktop Responsive Preview — Free & Pro
• Tablet & Mobile Responsive Preview — Pro
• React-Powered Admin Dashboard — Free & Pro

🌐 Live Demos

See WPEPP in action:

• Password-protected page demo

🏗️ Built for Performance

WPEPP is designed to be fast and lightweight:

• No external scripts on the front end — zero impact on page load speed
• Conditional asset loading — CSS and JS load only on pages that need them
• Modern React admin — the settings panel is fast and responsive without slowing your site
• REST API powered — all settings are saved via the WordPress REST API, no page reloads

🌍 Translations

• English (default)
• Translation-ready — .pot file included for translators

Privacy Policy

WPEPP uses the Appsero SDK to collect telemetry data only after the user opts in via an admin notice. No data is collected by default.

The SDK gathers basic diagnostic information (PHP version, WordPress version, plugin version, site URL) to help us troubleshoot issues and improve the product. It does not collect personal user data, passwords, or content.

Learn more: Appsero Privacy Policy.