Skip to content
WordPress.org

Éwé

  • Themes
  • Plugins
  • About
  • Get WordPress
Get WordPress
WordPress.org

Plugin Directory

CubeMage Login Guard

  • Submit a plugin
  • My favorites
  • Log in
  • Submit a plugin
  • My favorites
  • Log in

CubeMage Login Guard

By CubeMage
Download
  • Details
  • Reviews
  • Installation
  • Development
Support

Description

Login Guard by CubeMage provides a security solution to protect your WordPress login, registration, and comment forms against spam and brute-force attacks.

Instead of relying solely on password verification, this plugin integrates Cloudflare Turnstile to validate visitors before WordPress processes the authentication request. This approach helps reduce server load caused by automated bot attempts.

Key Features:

  • Cloudflare Turnstile Integration: Uses a privacy-focused, GDPR-compliant alternative to CAPTCHA for bot verification.
  • Pre-Authentication Check: Validates the Turnstile token before the database query occurs, saving server resources.
  • Limit Login Attempts: Automatically blocks IP addresses after 5 consecutive failed login attempts within 15 minutes to prevent brute-force attacks.
  • XML-RPC Protection: Disables XML-RPC functionality to close a common attack vector often used for DDoS attacks.
  • Form Support: Adds protection to the Login form, Registration form, Lost Password form, and Comment section.
  • Performance: Uses native WordPress Transients for tracking failed attempts, avoiding the creation of heavy custom database tables.

Configuration:

The plugin includes a setup interface to easily input your Cloudflare Site Key and Secret Key.

Installation

  1. Upload the cubemage-login-guard folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Navigate to Settings -> Login Guard.
  4. Enter your Cloudflare Site Key and Secret Key (obtainable for free from the Cloudflare dashboard).
  5. Save settings to enable protection.

FAQ

Is Cloudflare Turnstile free?

Yes, Cloudflare currently offers Turnstile for free.

Does this work with WooCommerce?

Yes, it protects the standard WordPress login forms, which are often used by WooCommerce.

What happens if I get locked out?

If you accidentally block your own IP or misconfigure the keys, you can manually rename the plugin folder via FTP (e.g., to cubemage-login-guard-disabled) to deactivate it and regain access.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“CubeMage Login Guard” is open source software. The following people have contributed to this plugin.

Contributors
  • CubeMage

Translate “CubeMage Login Guard” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.0

  • Initial release.

Meta

  • Version 1.0.0
  • Last updated 2 months ago
  • Active installations Fewer than 10
  • WordPress version 5.8 or higher
  • Tested up to 6.9.1
  • Language
    English (US)
  • Tags
    anti-spamCloudflare turnstilelimit login attemptsreCAPTCHA-alternativesecurity
  • Advanced View

Ratings

No reviews have been submitted yet.

Add my review

See all reviews

Contributors

  • CubeMage

Support

Got something to say? Need help?

View support forum

  • About
  • News
  • Hosting
  • Privacy
  • Showcase
  • Themes
  • Plugins
  • Patterns
  • Learn
  • Support
  • Developers
  • WordPress.tv ↗
  • Get Involved
  • Events
  • Donate ↗
  • Five for the Future
  • WordPress.com ↗
  • Matt ↗
  • bbPress ↗
  • BuddyPress ↗
WordPress.org
WordPress.org

Éwé

  • Visit our X (formerly Twitter) account
  • Visit our Bluesky account
  • Visit our Mastodon account
  • Visit our Threads account
  • Visit our Facebook page
  • Visit our Instagram account
  • Visit our LinkedIn account
  • Visit our TikTok account
  • Visit our YouTube channel
  • Visit our Tumblr account
Code is Poetry.
The WordPress® trademark is the intellectual property of the WordPress Foundation. WordPress® is not the same thing as WP Engine®. Since October 2024, WordPress.org’s creator Matt Mullenweg is a defendant in a legal action from WP Engine®. The WordPress Hosting page does not recommend WP Engine®.