Title: NHR Secure – Login Security, Firewall, 2FA & Audit Log
Author: Nazmul Hasan Robin
Published: December 4, 2025
Last modified: May 9, 2026

---


![](https://ps.w.org/nhrrob-secure/assets/banner-772x250.png?rev=3436910)

![](https://ps.w.org/nhrrob-secure/assets/icon-256x256.png?rev=3431204)

# NHR Secure – Login Security, Firewall, 2FA & Audit Log

By [Nazmul Hasan Robin](https://profiles.wordpress.org/nhrrob/)

[Download](https://downloads.wordpress.org/plugin/nhrrob-secure.1.3.2.zip)


## Description

Keep your WordPress site safe with minimal effort. NHR Secure helps you:

 * Hide or protect your admin area from unauthorized access.
 * Limit login attempts to prevent brute-force attacks.
 * Hide debug logs to prevent sensitive information disclosure.
 * Add 2FA to your WordPress site.
 * Scan core files, plugins, and themes for known vulnerabilities.
 * Monitor site health with one-click security recommendations.
 * Protect against SQL injection, XSS, and LFI attacks.
 * Block malicious IPs and entire countries.

### **Features at a glance:**

### 🔒 Limit Login Attempts

Stop brute-force attacks by temporarily blocking IPs after repeated failed login
attempts.

 * Configurable attempt limit (1-20, default: 5)
 * Blocks based on IP + Username combination
 * Auto-unblock after 2 hours

### 🔐 Custom Login Page

Hide wp-login.php and use a custom login URL.

 * Default custom URL: `/hidden-access-52w`
 * Blocks direct access to wp-login.php and wp-admin for guests

### 🛡️ Protect Debug Log File

Blocks direct access to `/wp-content/debug.log`.

 * Returns 403 Forbidden for all users

### ⚙️ Modern Settings Page

Configure everything from a beautiful React-powered interface.

 * Located under **Tools > NHR Secure**
 * **Dark Mode** support for comfortable viewing
 * Enable/disable each feature

### 🔐 Two-Factor Authentication (2FA)

Enable two-factor authentication for users.

 * Support for **Authenticator Apps** and **Email OTP**
 * **Enforce 2FA** for specific user roles (e.g., Administrators)
 * **Recovery Codes** for emergency access
 * QR code setup for Authenticator Apps

### 🛡️ Vulnerability Checker

Automatically scan your installed plugins, themes, and WordPress core against a
known vulnerability database.

 * Daily automatic scans
 * Alerts for critical security issues
 * Check file integrity

### 🖥️ User Session Management

Monitor and control active user sessions to prevent unauthorized access.

 * **View Active Sessions:** See IP, location, device, and login time for all logged-in users.
 * **Remote Logout:** Instantly log out suspicious sessions or all other devices.
 * **Idle Timeout:** Automatically log out inactive users after a set period.

### 🧱 Hardening & Firewall

Essential security hardening to lock down your WordPress site.

 * **Disable XML-RPC:** Prevent remote attacks and brute-force attempts.
 * **Disable File Editor:** Stop file modifications from the dashboard.
 * **Hide WP Version:** Obscure your WordPress version from attackers.
 * **Block User-Agents:** Prevent bad bots and scrapers from accessing your site.
 * **Disable User Enumeration:** Stop attackers from harvesting usernames via REST API.

### 📝 Activity Audit Log

Keep a record of important security events on your site.

 * Tracks logins, failed attempts, file changes, and settings updates.
 * View user, IP, and event details.
 * Configurable log retention policy.

### 🏥 Security Health Check & One-Click Secure

Get an instant overview of your site's security posture.

 * **Security Score:** View your overall protection percentage and grade (A+ to F).
 * **Health Dashboard:** See which security features are active and which need attention.
 * **One-Click Secure:** Apply recommended security settings instantly.
 * **11 Security Checks:** Comprehensive analysis of your security status.

### 🛡️ Advanced Firewall (IPS)

Proactive intrusion prevention system that blocks malicious requests in real-time.

 * **SQL Injection Protection:** Detect and block SQLi attacks automatically.
 * **XSS Prevention:** Stop cross-site scripting attempts.
 * **LFI Protection:** Prevent local file inclusion attacks.
 * **Pattern Matching:** Advanced regex-based detection for common attack vectors.
 * **Automatic Blocking:** Suspicious requests are blocked before they reach WordPress.

### 🌍 IP & Country Management

Control access to your site with granular IP and geographic filtering.

 * **IP Whitelist:** Allow trusted IPs to bypass all security filters.
 * **IP Blacklist:** Block malicious IPs permanently from your site.
 * **CIDR Support:** Use CIDR notation for blocking entire IP ranges (e.g., 192.168.1.0/24).
 * **Country Blocking:** Block access from 90+ countries using GeoIP lookup.
 * **Smart Caching:** GeoIP lookups are cached for 24 hours for optimal performance.
 * **Private IP Detection:** Automatically skip local/private IPs.
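
How the whitelist, blacklist, CIDR and country rules above can combine into one decision, as an added example that is not the plugin's own code. The function names, the evaluation order after the whitelist, and the reading of "skip local/private IPs" as "skip the GeoIP lookup" are assumptions; the sketch covers IPv4 only, and the addresses and country codes are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not NHR Secure's API.
// IPv4 only, and assumes 64-bit PHP integers.
// True when $ip is inside $rule (a single address or CIDR like 192.168.1.0/24).
function ip_in_rule(string $ip, string $rule): bool
{
    $parts = explode('/', $rule, 2);
    $prefix = $parts[1] ?? '32';
    $ipLong = ip2long($ip);
    $netLong = ip2long($parts[0]);
    if ($ipLong === false || $netLong === false
        || !preg_match('/^\d{1,2}$/', $prefix) || (int) $prefix > 32) {
        return false; // a malformed rule must never match, least of all as /0
    }
    $mask = (0xFFFFFFFF << (32 - (int) $prefix)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function matches_any(string $ip, array $rules): bool
{
    foreach ($rules as $rule) {
        if (ip_in_rule($ip, $rule)) {
            return true;
        }
    }
    return false;
}
// Whitelist first (it bypasses every other filter), then blacklist, then country.
function access_decision(string $ip, array $allow, array $deny, array $countries, callable $geo): string
{
    if (matches_any($ip, $allow)) {
        return 'allow:whitelist';
    }
    if (matches_any($ip, $deny)) {
        return 'deny:blacklist';
    }
    $public = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    if ($public === false) {
        return 'allow:no-geoip'; // private/reserved address: skip the GeoIP lookup
    }
    return in_array($geo($ip), $countries, true) ? 'deny:country' : 'allow';
}

// Constructed sample; the lookup closure stands in for a real GeoIP service.
$geo = function (string $ip): string { return $ip === '198.51.100.9' ? 'ZZ' : 'YY'; };
foreach (['192.168.1.77', '203.0.113.5', '198.51.100.9', '10.0.0.4'] as $ip) {
    echo $ip, ' => ', access_decision($ip, ['203.0.113.5'], ['192.168.1.0/24'], ['ZZ'], $geo), "\n";
}
```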

### ⚡ Lightweight & Minimal

Designed to deliver maximum security with minimal code. No bloat, no complexity.

 * Compatible with most WordPress themes and plugins.

### External Services

This plugin utilizes the [WPVulnerability](https://wpvulnerability.com/) API to
check for vulnerabilities.

 * **Service:** WPVulnerability
 * **Data:** Only plugin slugs and versions are sent. No personal data is collected.

## Screenshots

 * Failed login attempts are blocked.
 * Custom login page.
 * Debug log is hidden.
 * Modern React-powered settings page.
 * Modern React-powered settings page – part 2.
 * 2FA setup in user profile.
 * 2FA setup in user profile – Email OTP.
 * 2FA setup in user profile – Recovery codes.
 * Dark mode support.

## Installation

 1. Upload the `nhrrob-secure` plugin folder to your `/wp-content/plugins/` directory.
 2. Activate the plugin through the 'Plugins' menu in WordPress.
 3. Navigate to **Tools > NHR Secure** to configure settings.

## FAQ

### How do I access the settings page?

Navigate to **Tools > NHR Secure** in your WordPress admin dashboard.

### Does it limit login attempts?

Yes. Repeated failed login attempts from the same IP will be temporarily blocked
to prevent brute-force attacks. You can configure the limit (1-20 attempts) from
the settings page.

### What is the default custom login URL?

The default custom login URL is `/hidden-access-52w`. You can change this in the
settings page under Tools > NHR Secure.

### How does 2FA work?

2FA (Two-Factor Authentication) adds an extra layer of security to your WordPress
site. When enabled, users must enter a code from their 2FA app (e.g., Google Authenticator,
Authy) in addition to their username and password to log in.

### Can I disable specific features?

Yes. You can enable or disable each feature from the settings page under Tools >
NHR Secure.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

"NHR Secure – Login Security, Firewall, 2FA & Audit Log" is open source software.
The following people have contributed to this plugin.

Contributors

 * [Nazmul Hasan Robin](https://profiles.wordpress.org/nhrrob/)

[Translate "NHR Secure – Login Security, Firewall, 2FA & Audit Log" into your language.](https://translate.wordpress.org/projects/wp-plugins/nhrrob-secure)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/nhrrob-secure/),
check out the [SVN repository](https://plugins.svn.wordpress.org/nhrrob-secure/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/nhrrob-secure/)
by [RSS](https://plugins.trac.wordpress.org/log/nhrrob-secure/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.3.2 – 09/05/2026

 * Updated the "Tested up to" WordPress version to 7.0
 * A few minor bug fixes & improvements

#### 1.3.1 – 07/02/2026

 * Fixed: Forced logout issue for 2FA users

#### 1.3.0 – 28/01/2026

 * Added: Security Health Check with scoring system (A+ to F grade)
 * Added: One-Click Secure feature to apply recommended settings instantly
 * Added: Advanced Firewall (IPS) with real-time protection against SQL Injection,
   XSS, and LFI attacks
 * Added: IP Management with Whitelist and Blacklist (CIDR support)
 * Added: Country Blocking for 90+ countries using GeoIP lookup with caching
 * Improved: Dark mode styling for all components
 * Improved: Overall security dashboard UI/UX

#### 1.2.0 – 17/01/2026

 * Added: User Session Management (View active sessions, remote logout, idle timeout)
 * Added: Hardening & Firewall (Disable XML-RPC, File Editor, Version Hiding, User
   Enumeration)
 * Added: User-Agent Blocking
 * Added: Audit Logs for security events
 * Fixed: Dark mode improvements
 * Improved: UI enhancements

#### 1.1.0 – 13/01/2026

 * Added: Vulnerability Checker
 * Added: File Scanner to check file integrity
 * Improved: UI for scan results
 * A few minor bug fixes & improvements

#### 1.0.6 – 11/01/2026

 * Fixed: Fatal error due to missing vendor files

#### 1.0.5 – 11/01/2026

 * Added: Email OTP feature
 * Added: Recovery codes for 2FA
 * Added: Enforce 2FA for specific roles
 * Added: Dark mode support
 * A few minor bug fixes & improvements

#### 1.0.4 – 09/01/2026

 * Added: Modern React-powered settings page under Tools > NHR Secure
 * Added: Enable/disable all features from admin interface
 * Added: Configurable login attempts limit (1-20)
 * Added: Customizable login page URL from settings
 * Added: Two-factor authentication (2FA) feature

#### 1.0.3 – 05/01/2026

 * Added: Custom login page.
 * Added: Hide debug log.

#### 1.0.2 – 04/12/2025

 * Initial release. Cheers!!
 * Added plugin assets (icons, banners & screenshot).
 * Fixed fatal error related to function name.

#### 1.0.1 – 30/11/2025

 * A few minor bug fixes & improvements

#### 1.0.0 – 23/10/2025

 * Initial beta release. Cheers!

## Meta

 * Version: **1.3.2**
 * Last updated: **1 month ago**
 * Active installations: **Fewer than 10**
 * WordPress version: **6.0 or higher**
 * Tested up to: **7.0**
 * PHP version: **7.4 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/nhrrob-secure/)
 * Tags: [2FA](https://ca.wordpress.org/plugins/tags/2fa/), [Debug log](https://ca.wordpress.org/plugins/tags/debug-log/),
   [hide admin](https://ca.wordpress.org/plugins/tags/hide-admin/), [login protection](https://ca.wordpress.org/plugins/tags/login-protection/),
   [security](https://ca.wordpress.org/plugins/tags/security/)
 * [Advanced view](https://ca.wordpress.org/plugins/nhrrob-secure/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/nhrrob-secure/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/nhrrob-secure/reviews/)

## Support

Got something to say? Need help?

[View the support forum](https://wordpress.org/support/plugin/nhrrob-secure/)