Dual Authentication STOPS Unauthorized
Access to your WordPress Dashboard…

Designed to stop malicious and unauthorized access to your Wordpress site or Blog, WP Simple Login Security is a lightweight WordPress Plugin which requires no technical know-how to set up and use.

Utilizing best practice WordPress development principles, including NO modifications to HTACCESS or WP core files, the system has been developed in a way whereby it cannot harm your existing website yet give you the security you should have.

It uses popular 2 Factor Authentication principles without the need for two devices.  It does so by sending the authorization code to the admin or users email address registered within your WordPress system, thereby allowing the whole process to be performed through one device.

There are NO one-off, monthly, or annual
authentication fees with this plugin

Special features:

  • Simple set up – takes less than 30 seconds after you activate the plugin (see Screenshots).
  • Login Key: hide the login page (i.e. wp-login.php) and /wp-admin/ – anyone who tries going there (e.g. hacker bots) will be re-directed to a page.
  • Dual Authentication – you enter your username, then get taken to a screen where you must enter in the password and your session authorization / authentication code. The Authorization Code is sent by email to the registered users email address only AFTER a valid Username has been entered.
  • A unique authentication / authorization code is generated for each login – it cannot be used again.
  • Supports Multiple Users – the Login Key must be given to each authorized user so they can gain access. After that, the Authorization Code is sent to their registered email address.
  • User Defined Settings you decide whether to use with or without dual authentication and / or hide the login page. These settings can be modified at any point. (We recommend use of both options.)
  • Change Login Key at any time – an extra way to block staff when they depart as they will not know where to go to login.
  • A Usage Log of all accesses – time and date logged in and logged out, including IP address and user. (Can be sorted.) Authenticated, failed access attempts and accesses even when dual authentication is not being used are all recorded in this Log. 
  • It CANNOT break your website / blog. In a worst case scenario, simple remove from your Plugin directory using FTP. 
  • Minimal DB access – uses only two variable options at login point.
  • Translation ready – if required (see our FAQ’s).
  • Works with WordPress Multi User 
  • Runs with many popular plugins – tests have been conducted on WordPress installations utilizing WP Super Cache, W3 Total Cache, and Contact Form 7 plus security plugins including Wordfence, BruteProtect, and Disable XML-RPC Pingback.
Note: If this Plugin does not work, then the cause will be a specific plugin which we have not tested. In such instances, it is worth identifying which plugin is causing the problem and finding an alternative which conforms with WordPress best practices.


ANY WordPress site owner can use this. It is particularly applicable to:

  • Site owners who want to secure access to their site without paying an annual subscription fee for a 2 factor authentication service.
  • Existing 2 factor authentication service users who have experienced or are concerned by loss or theft of their cell phone and therefore inconvenienced when trying to access their Dashboard.
  • Multi-user sites – all “authorized” users / authors and administrator/s get access to dual authentication in line with the access permissions set within your  Wordpress site.
  • Organizations which have or plan to ban use of cell phones in the office.
  • Users who like to keep things simple.

View Screenshots              Download Now