Title: Authica Author: Emil Simunovic Published: September 21, 2025 Last modified: May 23, 2026 --- Search plugins ![](https://ps.w.org/authica/assets/banner-772x250.jpg?rev=3544806) ![](https://ps.w.org/authica/assets/icon-256x256.png?rev=3365397) # Authica By [Emil Simunovic](https://profiles.wordpress.org/emilsim/) [Download](https://downloads.wordpress.org/plugin/authica.3.3.1.zip) * [Details](https://pcd.wordpress.org/plugins/authica/#description) * [Reviews](https://pcd.wordpress.org/plugins/authica/#reviews) * [Installation](https://pcd.wordpress.org/plugins/authica/#installation) * [Development](https://pcd.wordpress.org/plugins/authica/#developers) [Support](https://wordpress.org/support/plugin/authica/) ## Description Authica™ is a WordPress login security and login customization plugin built for site owners, agencies, and developers who want a safer, more professional login experience. Use Authica to customize the WordPress login page, protect login forms with Cloudflare Turnstile, add two-factor authentication, reduce brute force attacks, hide or rename wp-login.php, manage login redirects, restrict login access by IP, and monitor login activity with security logs and reports. Instead of using separate plugins for login branding, CAPTCHA, 2FA, brute force protection, login redirects, hide login, and activity logs, Authica brings these features together in one polished WordPress admin experience. Highlights: #### WordPress Login Customization Customize the default WordPress login page with your own logo, background, colors, overlays, typography, Google Fonts, welcome messages, error messages, and responsive layout controls. #### Cloudflare Turnstile Bot Protection Protect WordPress login, registration, and password reset forms with privacy-focused Cloudflare Turnstile verification. #### Two-Factor Authentication for WordPress Add app-based TOTP two-factor authentication to improve account security for administrators, users, and client sites. #### Hide or Rename wp-login.php Move the default WordPress login URL away from automated bot targets and reduce noise from common brute force attempts. #### Brute Force Protection Limit repeated failed login attempts and help protect accounts from password guessing and credential stuffing attacks. #### Web Application Firewall Inspect incoming requests for suspicious patterns such as SQL injection, cross-site scripting, path traversal, remote code execution, sensitive file probes, scanner traffic, and known malicious user-agents. #### IP Restriction Create allow, deny, and stealth access rules for login protection based on IP addresses or IP ranges. #### Login Activity Logs and Security Reports Monitor login attempts, blocked events, user activity, countries, IP addresses, and suspicious login behavior from the Authica dashboard. #### Login and Logout Redirect Rules Send users to the correct page after login or logout with simple redirect controls and role-based flows. #### Email Verification Require users to confirm their email address before signing in, helping reduce fake accounts, spam registrations, and bot-created users. #### Modern Authica Admin UI Manage login security and login branding from a polished, consistent WordPress admin interface built for agencies and serious site owners. Authica Free includes full visual branding tools plus core security features. Upgrade to Authica Pro for advanced controls and premium protections. Learn more: [https://authica.net](https://authica.net) ### Contributors emilsim (Emil Simunovic) ### Features #### Login Branding and Design * Custom logo * Background image and color controls * Overlay controls * Form styling * Button styling * Input styling * Google Fonts * Custom welcome and error messages * Mobile-friendly login layout * Live preview through the WordPress Customizer #### Login Security * Cloudflare Turnstile bot protection * Brute force protection * Web Application Firewall * Two-factor authentication / TOTP * Hide or rename wp-login.php * IP restriction rules * Email verification * Login activity logs * Security reports and alerts #### Login Flow Controls * Login redirects * Logout redirects * Role-based redirect support * Magic link controls * Passkey * Social Login * AJAX-powered login form #### Agency and Professional Features * Polished Authica admin interface * Client-friendly login branding * Security reporting * White-label mode in Pro * Premium support in Pro ### Privacy This plugin uses an optional opt-in to collect **non-sensitive diagnostic data** and plugin usage information to help improve the product. The opt-in is presented on first use and can be changed at any time under **Authica Account**. Collected data may include: WordPress/site version, language, plugin/theme list and versions, admin email (for license/updates), and anonymized site URL. **No personal content or passwords are collected.** Data is processed by our licensing/telemetry provider and by us for support and update delivery. • Provider’s Privacy & Terms: https://freemius.com/privacy/ , https://freemius.com/terms/ If you choose not to opt in, only the information required to deliver updates to your site is stored (license/installation ID, if you activate a license). ### External services #### Cloudflare Turnstile (human verification) This plugin can integrate with Cloudflare Turnstile to protect login, registration, and password-reset forms from automated abuse. • What is it used for? Turnstile provides a human verification widget to reduce bot signups and credential-stuffing attempts. • What data is sent and when? – On pages where the widget is shown, the Turnstile JavaScript file is loaded from https://challenges.cloudflare.com/turnstile/v0/api. js. When loaded, Cloudflare may receive standard browser/connection data (e.g., IP address, user agent, referrer) and evaluate device/browser signals to determine risk, per Cloudflare’s documentation. – When a verification token is produced by the widget, your WordPress site makes a server-to-server request to: https://challenges. cloudflare.com/turnstile/v0/siteverify The server-to-server verification includes the user’s response token and your secret key. When a valid client IP is available, the optional remoteip value may also be sent to Cloudflare to improve verification accuracy. • Where can I learn more? – Cloudflare Turnstile: https://www.cloudflare.com/products/ turnstile/ – Turnstile docs: https://developers.cloudflare.com/turnstile/ – Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/ – Cloudflare Terms of Service: https://www.cloudflare.com/terms/ • How do I disable it? Turnstile integrations can be disabled at **Authica Turnstile& Edge Security**, which stops the widget from loading and the verification endpoint from being called. #### jsDelivr (Chart.js fallback, admin-only) For the admin “Captcha Statistics” chart, this plugin prefers a local copy of Chart. js (bundled in `assets/vendor/chart.js/`). If the local file is not present, it falls back to loading Chart.js from: https://cdn.jsdelivr.net/npm/chart.js@4.4.3/ dist/chart.umd.min.js • What data is sent? Only the administrator’s browser requests the static script file from the CDN. No user content or personal data is transmitted by this plugin as part of that request. • How do I avoid the CDN? Keep the local file at `assets/vendor/chart.js/chart. umd.min.js` so the fallback is not used. #### Email delivery This plugin uses WordPress `wp_mail()` to send email verification messages. Mail delivery is handled by your hosting provider or any SMTP/email plugin you configure. If you connect a third-party email service (e.g., via an SMTP plugin), that service’s privacy terms apply. This plugin does not send verification data to any email vendor on its own. ### Creator Program We invite WordPress creators to publish an honest Authica walkthrough on YouTube( no positive review required). Find out more: [authica.net/creator-program](https://authica.net/creator-program/) ### Trademark Authica™ is a trademark claimed by Emil Simunovic. Registration pending. WordPress is a registered trademark of the WordPress Foundation, used under license. ## Screenshots * [[ * Authica custom WordPress login page with branded background, logo, form styling, and modern login layout. * [[ * Authica dashboard showing login security status, activity, reports, and quick access to protection modules. * [[ * Cloudflare Turnstile settings for protecting WordPress login, registration, and password reset forms. * [[ * Hide WP Login settings for renaming wp-login.php and reducing automated login attacks. * [[ * Two-factor authentication settings with TOTP protection and trusted device controls. * [[ * Brute force protection settings for limiting repeated failed login attempts. * [[ * Logging, reports, and alerts showing login events, blocked activity, IPs, countries, and security summaries. * [[ * IP restriction controls for allow, deny, and stealth login access rules. * [[ * Web Application Firewall settings for SQL injection, XSS, path traversal, RCE, scanner probes, malicious user-agents, block responses, exclusions, and WAF statistics. * [[ * Security Checkup showing the Login Protection Score, configured protections, access controls, threat detection, monitoring, alerts, and recovery tools. ## Installation 1. Upload the `authica` folder to `/wp-content/plugins/` 2. Activate the plugin via **Plugins Installed Plugins** 3. Go to **Authica Form Appearance** to customize your login form 4. Configure other features as needed For complete documentation, visit: [https://authica.net/documentation](https://authica.net/documentation) ## FAQ ### Does Authica slow my site? No. Authica is optimized for speed and loads only on login-related pages. It won’t affect your theme, frontend performance, or page speed scores. ### Which CAPTCHA solutions do you support? Authica supports: – Cloudflare Turnstile ### Do you support email verification? Yes, Authica Pro includes **email verification** for new registrations to reduce spam and bots. ### Can I customize the WordPress login page with Authica? Yes. Authica lets you customize the WordPress login page with your own logo, background, colors, overlays, typography, Google Fonts, messages, and layout options. ### Does Authica support Cloudflare Turnstile? Yes. Authica supports Cloudflare Turnstile for login protection and bot prevention on supported WordPress authentication forms. ### Can Authica hide or rename wp-login.php? Yes. Authica Pro can hide or rename the default WordPress login URL to reduce automated login attacks against wp-login.php. ### Does Authica include brute force protection? Yes. Authica includes brute force protection controls to help limit repeated failed login attempts. ### Does Authica include two-factor authentication? Yes. Authica Pro includes app-based TOTP two-factor authentication for stronger WordPress account security. ### Is Authica useful for agencies? Yes. Authica is built for agencies and developers who want branded client login pages combined with practical login security features. ### Do you have a Pro version? Yes. **Authica Pro** unlocks: – Email Verification – Bot Protection Turnstile integration– Hide/Rename wp-login.php _(Pro)_ – Redirect Rules – IP Restriction – Brute Force Protection – Two-Factor Authentication (TOTP) – Security Logs & Alerts – White-label mode – Premium support [Learn more here ](https://authica.net) ## Reviews ![](https://secure.gravatar.com/avatar/1e0b6619c2dbf7753d420a4a5cb5621db3c73bd216430cf07a5a7642a524954a? s=60&d=retro&r=g) ### 󠀁[I like the interface](https://wordpress.org/support/topic/i-like-the-interface-3/)󠁿 [sloscheider](https://profiles.wordpress.org/sloscheider/) February 8, 2026 1 reply I’ve been using this plugin for a few days now and am really impressed. The developer is very quick to respond to questions and concerns. I do like the interface. ——- This appears to be a good option for login security. I like the straight forward interface and Cloudflare Turnstyle was incredily easy to configure. At this point i only have the single site license but if all goes well I’ll upgrade my license to the 5 site option and implement this on my other sites. [ Read all 1 review ](https://wordpress.org/support/plugin/authica/reviews/) ## Contributors & Developers “Authica” is open source software. The following people have contributed to this plugin. Contributors * [ Emil Simunovic ](https://profiles.wordpress.org/emilsim/) * [ Freemius ](https://profiles.wordpress.org/freemius/) [Translate “Authica” into your language.](https://translate.wordpress.org/projects/wp-plugins/authica) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/authica/), check out the [SVN repository](https://plugins.svn.wordpress.org/authica/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/authica/) by [RSS](https://plugins.trac.wordpress.org/log/authica/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 3.3.1 Released: 2026-05-23 * Improved Appearance Customizer transition by preventing empty sidebar flashes and synchronizing Authica, WordPress admin sidebar, and top bar fade animations. * Fixed unwanted white outline boxes appearing around login form text elements in the Customizer live preview when changing Form Text font settings.* Fixed IP Restriction table alignment so country codes and IP/CIDR values stay vertically aligned in Allow, Deny, and Stealth 404 lists under newer WordPress admin styles.* General improvements and bug fixes. #### 3.3.0 Released: 2026-05-21 * Added Web Application Firewall (WAF) with configurable firewall rules, sensitivity/mode controls, exclusions, block responses, WAF statistics, Recent Activity / Security Reports integration, alert support, and optional IP Restriction deny-list escalation. * Added Security Checkup with a login protection score, setup progress, grouped security recommendations, status-based scoring, dashboard summary card, and guidance for improving Authica protection coverage. * General improvements and bug fixes. #### 3.2.4 Released: 2026-05-06 * Fixed PHP debug warnings on Appearance/Customizer screens caused by stale or orphaned Authica preview page menu references. * Fixed expected AJAX login failures returning HTTP 401; invalid username/password and verification errors now return a normal JSON error response so Authica can show the message without browser console noise. #### 3.2.3 Released: 2026-05-06 * Fixed Google Fonts enable/disable behavior in the Customizer so all font family dropdowns update instantly without requiring a manual refresh.* Standardized Customizer font family dropdown sources so Form Inputs and Form Buttons now use the same font groups and labels as the rest of the login form font controls.* Improved Customizer Google Fonts UI rendering so long font lists and preview areas display correctly and use the available panel space. * Added a new CSS Background option in the login Customizer with 30 preset CSS background effects, custom CSS background support, live preview updates and opacity control. * Fixed Customizer/ login message positioning so messages now consistently align with the live form height after layout, font, and field changes. * Added new Follow Form message style.* General improvements and bug fixes. #### 3.2.2 Released: 2026-04-29 * Added a Manually Verify User action to the Email Verification Unverified Users hamburger menu [PRO]. * Added contextual Documentation buttons across Authica admin pages. * Fixed IP Restriction AJAX handling so blocked login attempts return the configured block message instead of a generic “Something went wrong” error when Admin area (wp-admin) enforcement is enabled [PRO]. * General improvements and bug fixes. #### 3.2.1 Released: 2026-04-23 * Fix Backup page width. * CSS fixes on Linux Firefox and Chrome. * General improvements and bug fixes. #### 3.2.0 Released: 2026-04-15 * Added Activity Reports widget to the Dashboard [PRO]. * Changed “Soft Block” button text to “404 Block” in the Activity table [PRO]. * Customizer: replaced Form Inputs Input Dimensions single Corner Radius control with per-corner radius controls. * Customizer: replaced Form Button Button Dimensions single Corner Radius control with per-corner button radius controls. * Updated Social Login buttons to follow the Form Button per-corner radius values. * General improvements and bug fixes. #### 3.1.0 Released: 2026-04-10 * Added Security Reports widget to the Dashboard with live donut charts [PRO]. * Added 14-day free Pro trial for the Single Site plan. * General improvements and bug fixes. #### 3.0.0 Released: 2026-04-06 * Introduced the all-new Authica UI across the plugin, with a unified design system, shared UI library, improved consistency, and a more polished admin experience. * General improvements and bug fixes. #### 2.4.5 Released: 2026-03-16 * Fixed Logging & Alerts not showing in Free version. #### 2.4.4 Released: 2026-03-16 * Removed Logging & Alerts from the left WordPress admin menu.* CSS admin fixes. * General improvements and bug fixes. #### 2.4.3 Released: 2026-03-15 * Moved the Turnstile widget placeholder above the Captcha Size slider. * Redesigned the Logging & Alerts area, improved Recent Activity filtering, new Reports and Exports tabs, cleaner table/layout styling, and full Backup & Restore support. * General improvements and bug fixes. #### 2.4.2 Released: 2026-03-12 * Fixed hamburger menu loading on Email Verification and Magic Links admin pages. * General improvements and bug fixes. #### 2.4.1 Released: 2026-03-12 * Fixed welcome/error messages position in some cases. * Added dashboard notes with multi-tab support. * Admin CSS fixes. * General improvements and bug fixes. #### 2.4.0 Released: 2026-03-10 * Added Magic Login module with per-user passwordless links, policy/expiry controls, and dashboard status [PRO]. * Added the new Passkey module with support for passwordless sign-in and enrolled user/device tracking [PRO]. * Added password visibility toggle to the Register form using the eye icon. * Fixed Social login buttons are now disabled until CAPTCHA/Turnstile is successfully solved( same behavior as the Login button) [PRO]. * General improvements and bug fixes. #### 2.3.2 Released: 2026-03-02 * Added Messages Font controls (Font Family, Text Color, Font Size slider) for Authica welcome/error messages. * Added Messages Background controls( Background Color, Border Color, Border Size slider, Border Opacity slider). * Added Overlay Border section to Form Style (Border Color, Border Size slider, Border Opacity slider). * Added in Minimal message style, “Background Color” now controls shadow color (Minimal remains font + shadow only). * Added Title Text Line Height control( slider) for finer spacing and readability. * Added independent Form Overlay corner- radius controls (Top Left/Top Right/Bottom Right/Bottom Left) with live preview support. * Fixed and unified Customizer font dropdown lists for more consistent display and behavior. * Fixed: Input border thickness no longer resets in live preview when typing or changing border colors. * Enforced stronger password rules (minimum length + strength checks) and blocked reusing the current password during password changes/resets. * General improvements and bug fixes. #### 2.3.1 Released: 2026-02-25 * Added Author Slug options in Users/Profile [PRO]. * Added Authica WordPress Dashboard Security Overview Widget [PRO]. * Added Country code before IP address in Recent Activity [PRO]. * Added Hardening tab in Brute Force Protection with XML-RPC hardening controls [PRO]. * Authica login form CSS fixes.* Fixed login button radius in some cases/themes. * Improved Turnstile Analytics “ Check” button: you can now test Cloudflare Analytics credentials before enabling and saving the feature. * General improvements and bug fixes. #### 2.3.0 Released: 2026-02-19 * Added Social Login. * General improvements and bug fixes. #### 2.2.2 Released: 2026-02-11 * Removed Authica preview page from navigation menu. #### 2.2.1 Released: 2026-02-10 * Improved: Prevented the Authica preview page from affecting WordPress page selectors (including Settings Reading static homepage selection) on some setups * General improvements and bug fixes. #### 2.2.0 Released: 2026-02-08 * Added Geo Access Control (Local / Cloudflare modes) [PRO].* CSS fixes for small screen devices. * General improvements and bug fixes. #### 2.1.1 Released: 2026-01-23 * Improved Recent Activity log readability [PRO]. * Fixed Logout Redirect always returning to the login page [PRO]. * Fixed Emergency Lockout card showing wrong info [PRO]. * General improvements and bug fixes. #### 2.1.0 Released: 2026-01-19 * Improved logging table installation/repair logic [PRO]. * Added Username Protection: decoy-username detection that sends the IP to Stealth 404 after a single failed login attempt [PRO]. * General improvements and bug fixes. #### 2.0.1 Released: 2026-01-14 * Fixed tab links and back button on Brute Force page. #### 2.0.0 Released: 2026-01-14 * New SaaS-style admin interface. * Functionality and behavior changes. * Fixed Brute Stealth 404 list cleaning time [PRO]. * General improvements and bug fixes. #### 1.5.0 Released: 2026-01-04 * Fixed loading intervals for Turnstile Analytics (GraphQL)[ PRO]. * General improvements and bug fixes. #### 1.4.1 Released: 2025-12-30 * Added Turnstile Analytics (GraphQL) [PRO]. * General improvements and bug fixes. #### 1.4.0 Released: 2025-12-24 * Allow user to login only from specific IPs [PRO]. * Added Emergency Lockout [PRO]. * General improvements and bug fixes. #### 1.3.2 Released: 2025-12-17 * Fixed date/time in Logging & Alerts [PRO]. * Added more Google fonts. * General improvements and bug fixes. #### 1.3.1 Released: 2025-12-14 * Added Stealth 404 protection [PRO]. * Added Auto-expire brute-force blocks [PRO]. * Added reset for Brute Force and Stealth 404 counters[ PRO]. * Fixed date/time for deny list to follow WP date/time [PRO]. * General improvements and bug fixes. #### 1.3.0 Released: 2025-12-10 * Added Two-factor authentication (TOTP) [PRO]. * Smooth up animations with different classes * General improvements and bug fixes. #### 1.2.1 Released: 2025-12-07 * Added Brute Force Protection [PRO]. * Upgraded Logging to show Brute Force actions [PRO]. * General improvements and bug fixes. #### 1.2.0 Released: 2025-12-05 * Added IP restriction rules [PRO]. * Added Logging & Alerts[ PRO]. * General improvements and bug fixes. #### 1.1.3 Released: 2025-12-02 * Fixed some fonts not showing properly in customizer and mobile. * Tested on WordPress 6.9 * General improvements and bug fixes. #### 1.1.2 Released: 2025-11-12 * Freemius WordPress SDK 2.13.0 * Fixed register and lost password forms title text not updating in live preview. * Fixed login form opacity error on publish. * General improvements and bug fixes. #### 1.1.1 Released: 2025-11-12 * Fixed form width on initial show in customizer. * General improvements and bug fixes. #### 1.1.0 Released: 2025-11-10 * Update: Bundled Chart.js to v4.5.1 (MIT). * Dev: Included Chart.js LICENSE with vendor files. * Redirect Rules after login / Logout [PRO].* General improvements. #### 1.0.5 Released: 2025-10-29 * Added Hide direct access to wp-login.php [PRO]. * Added Custom slug for login page [PRO]. * Fixed some bugs with restore. * General improvements. #### 1.0.4 Released: 2025-10-06 * Freemius fix with free version. #### 1.0.3 Released: 2025-10-06 * Registration verification links are now short and encrypted by default [PRO]. * Fixed consistent gap on Captcha [PRO]. * General improvements. #### 1.0.2 Released: 2025-10-04 * Form can be now moved horizontally. * Fixed duplicated Logo in some cases. * General improvements. #### 1.0.1 Released: 2025-10-02 * Optimized AJAX login. * Fixed Login form size on mobile for some themes. * General improvements. #### 1.0.0 Released: 2025-10-01 * Initial release with branded login, email verification and Turnstile captcha. ## Meta * Version **3.3.1** * Last updated **2 days ago** * Active installations **Fewer than 10** * WordPress version ** 6.0 or higher ** * Tested up to **7.0** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/authica/) * Tags * [2FA](https://pcd.wordpress.org/plugins/tags/2fa/)[Brute Force](https://pcd.wordpress.org/plugins/tags/brute-force/) [firewall](https://pcd.wordpress.org/plugins/tags/firewall/)[login security](https://pcd.wordpress.org/plugins/tags/login-security/) [turnstile](https://pcd.wordpress.org/plugins/tags/turnstile/) * [Advanced View](https://pcd.wordpress.org/plugins/authica/advanced/) ## Ratings 5 out of 5 stars. * [ 1 5-star review ](https://wordpress.org/support/plugin/authica/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/authica/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/authica/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/authica/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/authica/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/authica/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/authica/reviews/) ## Contributors * [ Emil Simunovic ](https://profiles.wordpress.org/emilsim/) * [ Freemius ](https://profiles.wordpress.org/freemius/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/authica/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://authica.net/)