In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited. Limit the number of login attempts through both the login and the auth cookies. Two-factor Authentication login. Text SMS message passcode for 2nd step verification support. Google reCAPTCHA. GeoLocation (Continent/Country/City) or IP range to limit login attempts. Passwordless login link. Support Whitelist and Blacklist. GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed). WooCommerce Login supported. XMLRPC gateway protection. API Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : ''; to generate one passwordless login link for the current user. Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note/tip for this generation', $user_id ) : ''; to generate a passwordless login link for the user which ID is $user_id. The generated one-time used link will be expired after 7 days. Define const SILENCE_INSTALL to avoid redirecting to setting page after installtion. CLI List all passwordless links: wp dologin list Generate a passwordless link for one username (for the login name root): wp dologin gen root Delete a passwordless link w/ the ID in list (for the record w/ ID 5): wp dologin del 5 How GeoLocation works When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist/blacklist to decide if allow login attempts. Privacy The online IP lookup service is provided by https://www.doapi.us. The provider’s privacy policy is https://www.doapi.us/privacy. Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.