Title: DoLogin Security Author: WPDO Published: September 27, 2019 Last modified: June 11, 2025 --- Search plugins ![](https://ps.w.org/dologin/assets/icon-256x256.png?rev=2173350) # DoLogin Security By [WPDO](https://profiles.wordpress.org/wpdo5ea/) [Download](https://downloads.wordpress.org/plugin/dologin.4.3.zip) * [Details](https://frp.wordpress.org/plugins/dologin/#description) * [Reviews](https://frp.wordpress.org/plugins/dologin/#reviews) * [Development](https://frp.wordpress.org/plugins/dologin/#developers) [Support](https://wordpress.org/support/plugin/dologin/) ## Description In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited. Limit the number of login attempts through both the login and the auth cookies. * Two-factor Authentication login. * Text SMS message passcode for 2nd step verification support. * Cloudflare Turnstile (better than Google reCAPTCHA). * GeoLocation (Continent/Country/City) or IP range to limit login attempts. * Passwordless login link. * Support Whitelist and Blacklist. * GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5- hashed). * WooCommerce Login supported. * XMLRPC gateway protection. #### API * Call the function `$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link(' your plugin name or tag' ) : '';` to generate one passwordless login link for the current user. * Call the function `$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link(' note/tip for this generation', $user_id ) : '';` to generate a passwordless login link for the user which ID is `$user_id`. The generated one-time used link will be expired after 7 days. * Define const `SILENCE_INSTALL` to avoid redirecting to setting page after installtion. #### CLI * List all passwordless links: `wp dologin list` * Generate a passwordless link for one username (for the login name `root`): `wp dologin gen root` * Delete a passwordless link w/ the ID in list (for the record w/ ID 5): `wp dologin del 5` #### How GeoLocation works When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist/blacklist to decide if allow login attempts. ### Privacy The online IP lookup service is provided by https://www.doapi.us. The provider’s privacy policy is https://www.doapi.us/privacy. Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin. ## Screenshots * [[ * Plugin Site Connections * [[ * Plugin Settings * [[ * Plugin Passwordless Login * [[ * Plugin Login Attempts Log * [[ * Login Page (After sent dynamic code to mobile text message) * [[ * Login Page (2 times left) * [[ * Login Page (Too many failure) * [[ * Login Page (Blacklist blocked) * [[ * WooCommerce login protection ## Reviews ![](https://secure.gravatar.com/avatar/c9116844d1708052fe74f24fc193211a0c29c5bc95593c4e55ef734cc4330fd5? s=60&d=retro&r=g) ### 󠀁[Perfect and funcional](https://wordpress.org/support/topic/perfect-and-funcional/)󠁿 [João Portugal](https://profiles.wordpress.org/joao2024portugal/) April 10, 2024 Extremely functional without extras or ads. Please keep giving us updates. ![](https://secure.gravatar.com/avatar/00d838149facc3956ad096d144283bf6b7cd2a7621bac1abc0f8175dc98dbcce? s=60&d=retro&r=g) ### 󠀁[Good Plugin](https://wordpress.org/support/topic/good-plugin-6478/)󠁿 [Qiannah Update Media](https://profiles.wordpress.org/qiannahupdatemedia/) June 20, 2023 this plugin works very well ![](https://secure.gravatar.com/avatar/6d60416e8e50a1b8355e21e7019002f81bf49782f553eaa4db2ef57fb5cc149a? s=60&d=retro&r=g) ### 󠀁[Verify 2FA options and SMS Auth have stopped working](https://wordpress.org/support/topic/verify-2fa-options-and-sms-auth-have-stopped-working/)󠁿 [sergialarconrecio](https://profiles.wordpress.org/sergialarconrecio/) January 30, 2023 The Verify 2FA options and the SMS Auth have stopped working, that’s why I only give it two stars. I wait for a solution or if not I do not recommend anyone to install the plugin. ![](https://secure.gravatar.com/avatar/ff7ff0422455aa063d5353a6cace371bdd1dbe3a267878bace3064b3a37874d3? s=60&d=retro&r=g) ### 󠀁[Passwordless login feature.](https://wordpress.org/support/topic/passwordless-login-feature/)󠁿 [techtone](https://profiles.wordpress.org/techtoned/) January 27, 2023 Passwordless login link option is simply amazing. Love this plugin. ![](https://secure.gravatar.com/avatar/0dbab694daa8d90e710d72ce9fe9838696f577b7d27fd83377fa25e3425976a8? s=60&d=retro&r=g) ### 󠀁[Install this plugin first](https://wordpress.org/support/topic/install-this-plugin-first/)󠁿 [Louis Stanford](https://profiles.wordpress.org/louisstanford/) September 26, 2022 This is a lightweight plugin that should be first on your list. One request tho: would be nice to see a distinction made between successful logins, and unsuccessful logins and blocked logins. ![](https://secure.gravatar.com/avatar/aeed27e9f63bce0d74b0cc0a0ad2008df08c6a2f95eb3f759f8a98f21d29827d? s=60&d=retro&r=g) ### 󠀁[Great plugin!](https://wordpress.org/support/topic/great-but-looking-abandoned/)󠁿 [ads](https://profiles.wordpress.org/ecomturbo/) October 12, 2022 3 replies Great plugin and solid contributors regularly keeping it up to date. It has 2FA, Google recaptcha and integrates with Google Authenticator [ Read all 13 reviews ](https://wordpress.org/support/plugin/dologin/reviews/) ## Contributors & Developers “DoLogin Security” is open source software. The following people have contributed to this plugin. Contributors * [ WPDO ](https://profiles.wordpress.org/wpdo5ea/) * [ wpdo ](https://profiles.wordpress.org/wpdo/) “DoLogin Security” has been translated into 2 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/dologin/contributors) for their contributions. [Translate “DoLogin Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/dologin) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/dologin/), check out the [SVN repository](https://plugins.svn.wordpress.org/dologin/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/dologin/) by [RSS](https://plugins.trac.wordpress.org/log/dologin/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 4.3 – Jun 11 2025 * Generating passwordless link will redirect to the corresponding tab now. #### 4.2 – May 31 2025 * 🍀 Cloudflare Turnstile reCAPTCHA. * 🐞 Fixed 2FA conflict w/ reCAPTCHA. #### 4.1.1 – May 27 2025 * Resolved WooCommerce HPOS feature warning. #### 4.1 – May 27 2025 * Showed the easy login confirmation landing page. * Disallowed reuse of login link to prevent possible replay attack. * Fixed root site pk/sk clear issue in easy login when saving conf. * Restored reCAPTCHA to previous version. #### 4.0 – May 26 2025 * 🍀 `Easy Login` feature! Allow one root WordPress to easy login to multi child WordPress sites. #### 3.8 * Security patch per patchstack report. #### 3.7.1 * IP vulnerability patch for dashboard widget. (Bob@Jetpack) #### 3.7 * IP vulnerability patch. (Bob@Jetpack) #### 3.6 * Fixed Google reCAPTCHA authentication failure. (mandotr) #### 3.5.2 * Fixed auto upgrade PHP warning. (lavacano) #### 3.5.1 * Banner to install qrcode plugin to enable 2FA. #### 3.5 * 🍀 Two-factor Authentication. #### 3.4 * Bypassed version check to speed up WP6 loading. #### 3.3 * Fixed potential duration value in string conversion issue. (wpcrono) #### 3.2 * API `dologin_admin_menu_access` to allow other users to config dologin settings.( franfal) #### 3.1 * Compatibility improvement when communication failed between client wordpress and DoAPI.us API. (@matteocuellar @ecomturbo @thesaintindiano) #### 3.0 * 🍀 Dashboard widget. * New API for free text message gateway. #### 2.9.4 * Fixed IXR_Error PHP notice for XMLRPC login failure. #### 2.9.3 * Support translation for login text message. (@merkwert) #### 2.9.2 * More accurate to detect IP. #### 2.9.1 * 🍀 New setting Google reCAPTCHA on Lost Password Page. #### 2.9 * WordPress v5.5 Rest compatibility. #### 2.8 * Avoid duplicated login attempt records for one IP in a short time. * GUI enhancement. #### 2.7.1 * Added API info to GUI. #### 2.7 * Login Attempts log can be cleared now. #### 2.6 * Codebase reformated. #### 2.5 * CLI supported. #### 2.4 * Passwordless link can be copied in one click. #### 2.3 * 🍀 Reverse Matching w/ `!:` feature. Now can use `!:` to exclude one rule. (@jacklinkers) #### 2.2.2 * Better IP detection. * Supported empty line and single line comments for whitelist and blacklist. #### 2.2.1 * Declared WooCommerce support up to 4.0.1. #### 2.2 * Whitelist and Blacklist support comments now. #### 2.1 * Passwordless login will now have a confirm page to avoid auto-visited when sharing the link. #### 2.0 * Fresh New GUI! #### 1.9 * 🍀 New option: Show reCAPTCHA on Register page. (@ach1992) #### 1.8 * 🍀 Show Phone Number field on Register page if Force SMS Auth setting is ON. ( @ach1992) #### 1.7.1 * 🐞 Will now honor the timezone setting when showing date of sent. (@ducpl) #### 1.7 * Supported DoDebug now. * Bypassed whitelist check for WooCommerce clients on checkout page. * 🐞 WooCommerce checkout page can now login correctly. #### 1.6 * 🍀 Google reCAPTCHA. * 🐞 WooCommerce can now use same login strategy settings. #### 1.5 * 🍀 Test SMS Message feature under Settings page. #### 1.4.7 * Language supported. #### 1.4.5 * PHP5.3 supported. #### 1.4.4 * Doc updates. #### 1.4.3 * _API_ Silent install mode to avoid redirecting to settings by defining const ` SILENCE_INSTALL` #### 1.4.2 * _API_ Generated link defaults to expire in 7 days. #### 1.4.1 * _API_ New function `dologin_gen_link( 'my_plugin' )` API to generate a link for current user. #### 1.4 * 🍀 Passwordless login link. #### 1.3.5 * SMS PHP Warning fix. #### 1.3.4 * REST warning fix. #### 1.3.3 * GUI cosmetic. #### 1.3.2 * 🐞 Fixed a bug that caused not enabled SMS WP failed to login. #### 1.3.1 * PHP Notice fix. #### 1.3 * 🍀 SMS login support. #### 1.2.2 * Auto redirect to setting page after activation. #### 1.2.1 * Doc improvement. #### 1.2 * 🍀 XMLRPC protection. #### 1.1.1 * 🐞 Auto upgrade can now check latest version correctly. #### 1.1 * 🍀 _New_ Display login failure log. * 🍀 _New_ GDPR compliance. * 🍀 _New_ Auto upgrade. * _GUI_ Setting link shortcut from plugin page. * _GUI_ Display security status on login page. * 🐞 Stale settings shown after successfully saved. * 🐞 Duration setting can now be saved correctly. * 🐞 Fully saved geo location failure log. #### 1.0 – Sep 27 2019 * Initial Release. ## Meta * Version **4.3** * Last updated **10 months ago** * Active installations **7,000+** * WordPress version ** 4.0 or higher ** * Tested up to **6.8.5** * Languages * [English (US)](https://wordpress.org/plugins/dologin/), [Japanese](https://ja.wordpress.org/plugins/dologin/), and [Persian](https://fa.wordpress.org/plugins/dologin/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/dologin) * Tags * [2fa-login](https://frp.wordpress.org/plugins/tags/2fa-login/)[easy login](https://frp.wordpress.org/plugins/tags/easy-login/) [login security](https://frp.wordpress.org/plugins/tags/login-security/) * [Advanced View](https://frp.wordpress.org/plugins/dologin/advanced/) ## Ratings 4.5 out of 5 stars. * [ 11 5-star reviews ](https://wordpress.org/support/plugin/dologin/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/dologin/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/dologin/reviews/?filter=3) * [ 2 2-star reviews ](https://wordpress.org/support/plugin/dologin/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/dologin/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/dologin/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/dologin/reviews/) ## Contributors * [ WPDO ](https://profiles.wordpress.org/wpdo5ea/) * [ wpdo ](https://profiles.wordpress.org/wpdo/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/dologin/)