Title: NHR Secure – Login Security, Firewall, 2FA & Audit Log
Author: Nazmul Hasan Robin
Published: December 4, 2025
Last modified: February 7, 2026

---


![](https://ps.w.org/nhrrob-secure/assets/banner-772x250.png?rev=3436910)

![](https://ps.w.org/nhrrob-secure/assets/icon-256x256.png?rev=3431204)

# NHR Secure – Login Security, Firewall, 2FA & Audit Log

 By [Nazmul Hasan Robin](https://profiles.wordpress.org/nhrrob/)

[Download](https://downloads.wordpress.org/plugin/nhrrob-secure.1.3.1.zip)


## Description

Keep your WordPress site safe with minimal effort. NHR Secure helps you:

 * Hide or protect your admin area from unauthorized access.
 * Limit login attempts to prevent brute-force attacks.
 * Hide debug logs to prevent sensitive information disclosure.
 * Add 2FA to your WordPress site.
 * Scan core files, plugins, and themes for known vulnerabilities.
 * Monitor site health with one-click security recommendations.
 * Protect against SQL injection, XSS, and LFI attacks.
 * Block malicious IPs and entire countries.

### **Features at a glance:**

### 🔒 Limit Login Attempts

Stop brute-force attacks by temporarily blocking IPs after repeated failed login attempts.

 * Configurable attempt limit (1-20, default: 5)
 * Blocks based on IP + Username combination
 * Auto-unblock after 2 hours
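
A sketch of the lockout rule described above, as an added example that is not the plugin's own code. The `LoginLimiter` class, its method names, and the in-memory store are hypothetical; the limit range, the IP + username key, and the 2-hour unblock come from the feature list.

```php
<?php
// Added illustration, not NHR Secure's code; the array stands in for persistent storage.
final class LoginLimiter
{
    private const BLOCK_SECONDS = 7200; // auto-unblock after 2 hours
    private array $state = [];          // key => ['fails' => int, 'until' => int]
    private int $limit;

    public function __construct(int $limit = 5)
    {
        $this->limit = max(1, min(20, $limit)); // clamp to the 1-20 range
    }

    private function key(string $ip, string $user): string
    {
        // One counter per IP + username pair; case and padding must not split it.
        return hash('sha256', $ip . "\0" . strtolower(trim($user)));
    }

    public function isBlocked(string $ip, string $user, int $now): bool
    {
        $k = $this->key($ip, $user);
        $until = $this->state[$k]['until'] ?? 0;
        if ($until > 0 && $until <= $now) {
            unset($this->state[$k]); // block expired: counter restarts from zero
            return false;
        }
        return $until > $now;
    }

    public function recordFailure(string $ip, string $user, int $now): void
    {
        if ($this->isBlocked($ip, $user, $now)) {
            return; // already blocked: do not extend the block
        }
        $k = $this->key($ip, $user);
        $fails = ($this->state[$k]['fails'] ?? 0) + 1;
        // Assumption: the block starts on the attempt that reaches the limit.
        $until = $fails >= $this->limit ? $now + self::BLOCK_SECONDS : 0;
        $this->state[$k] = ['fails' => $fails, 'until' => $until];
    }
}

// Constructed sample: documentation-range IP and a fixed clock.
$limiter = new LoginLimiter();
$t0 = 1700000000;
for ($i = 0; $i < 5; $i++) { $limiter->recordFailure('203.0.113.7', 'admin', $t0); }
var_dump($limiter->isBlocked('203.0.113.7', 'Admin', $t0 + 60));   // same pair, inside the block
var_dump($limiter->isBlocked('203.0.113.7', 'editor', $t0 + 60));  // different username
var_dump($limiter->isBlocked('203.0.113.7', 'admin', $t0 + 7200)); // two hours later
```

A production limiter would also clear the pair's counter on a successful login and expire counters that never reached the limit.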

### 🔐 Custom Login Page

Hide wp-login.php and use a custom login URL.

 * Default custom URL: `/hidden-access-52w`
 * Blocks direct access to wp-login.php and wp-admin for guests

### 🛡️ Protect Debug Log File

Blocks direct access to `/wp-content/debug.log`.

 * Returns 403 Forbidden for all users

### ⚙️ Modern Settings Page

Configure everything from a beautiful React-powered interface.

 * Located under **Tools > NHR Secure**
 * **Dark Mode** support for comfortable viewing
 * Enable/disable each feature

### 🔐 Two-Factor Authentication (2FA)

Enable two-factor authentication for users.

 * Support for **Authenticator Apps** and **Email OTP**
 * **Enforce 2FA** for specific user roles (e.g., Administrators)
 * **Recovery Codes** for emergency access
 * QR code setup for Authenticator Apps

### 🛡️ Vulnerability Checker

Automatically scan your installed plugins, themes, and WordPress core against a known vulnerability database.

 * Daily automatic scans
 * Alerts for critical security issues
 * Check file integrity

### 🖥️ User Session Management

Monitor and control active user sessions to prevent unauthorized access.

 * **View Active Sessions:** See IP, location, device, and login time for all logged-in users.
 * **Remote Logout:** Instantly log out suspicious sessions or all other devices.
 * **Idle Timeout:** Automatically log out inactive users after a set period.

### 🧱 Hardening & Firewall

Essential security hardening to lock down your WordPress site.

 * **Disable XML-RPC:** Prevent remote attacks and brute-force attempts.
 * **Disable File Editor:** Stop file modifications from the dashboard.
 * **Hide WP Version:** Obscure your WordPress version from attackers.
 * **Block User-Agents:** Prevent bad bots and scrapers from accessing your site.
 * **Disable User Enumeration:** Stop attackers from harvesting usernames via REST API.

### 📝 Activity Audit Log

Keep a record of important security events on your site.

 * Tracks logins, failed attempts, file changes, and settings updates.
 * View user, IP, and event details.
 * Configurable log retention policy.

### 🏥 Security Health Check & One-Click Secure

Get an instant overview of your site’s security posture.

 * **Security Score:** View your overall protection percentage and grade (A+ to F).
 * **Health Dashboard:** See which security features are active and which need attention.
 * **One-Click Secure:** Apply recommended security settings instantly.
 * **11 Security Checks:** Comprehensive analysis of your security status.

### 🛡️ Advanced Firewall (IPS)

Proactive intrusion prevention system that blocks malicious requests in real-time.

 * **SQL Injection Protection:** Detect and block SQLi attacks automatically.
 * **XSS Prevention:** Stop cross-site scripting attempts.
 * **LFI Protection:** Prevent local file inclusion attacks.
 * **Pattern Matching:** Advanced regex-based detection for common attack vectors.
 * **Automatic Blocking:** Suspicious requests are blocked before they reach WordPress.

### 🌍 IP & Country Management

Control access to your site with granular IP and geographic filtering.

 * **IP Whitelist:** Allow trusted IPs to bypass all security filters.
 * **IP Blacklist:** Block malicious IPs permanently from your site.
 * **CIDR Support:** Use CIDR notation for blocking entire IP ranges (e.g., 192.168.1.0/24).
 * **Country Blocking:** Block access from 90+ countries using GeoIP lookup.
 * **Smart Caching:** GeoIP lookups are cached for 24 hours for optimal performance.
 * **Private IP Detection:** Automatically skip local/private IPs.
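
How whitelist, blacklist, CIDR and private-IP handling can fit together, as an added example that is not the plugin's own code. The function names are hypothetical, and two points are assumptions: the whitelist is checked before the blacklist, and "skip" for private addresses means skipping the GeoIP lookup.

```php
<?php
// Added illustration, not NHR Secure's code; function names are hypothetical.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 entry against IPv6 client
    }
    $max = strlen($ipBin) * 8;
    if ($bits === null) {
        $bits = (string) $max; // a bare address is a single-host entry
    } elseif (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // reject "/abc" or "/99" instead of letting it widen to /0
    }
    $bits  = (int) $bits;
    $whole = intdiv($bits, 8);
    if (substr($ipBin, 0, $whole) !== substr($netBin, 0, $whole)) {
        return false; // a full prefix byte differs
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF; // compare the partial byte under the mask
    return (ord($ipBin[$whole]) & $mask) === (ord($netBin[$whole]) & $mask);
}

function is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Returns 'allow', 'block', 'geoip-lookup' or 'skip-geoip' (assumed evaluation order).
function classify_ip(string $ip, array $whitelist, array $blacklist): string
{
    foreach ($whitelist as $entry) { if (ip_in_cidr($ip, $entry)) { return 'allow'; } }
    foreach ($blacklist as $entry) { if (ip_in_cidr($ip, $entry)) { return 'block'; } }
    return is_public_ip($ip) ? 'geoip-lookup' : 'skip-geoip';
}

// Constructed sample lists; 192.168.1.0/24 is the range quoted in the feature list.
$white = ['198.51.100.10'];
$black = ['192.168.1.0/24', '2001:db8::/32', '10.0.0.0/abc'];
foreach (['198.51.100.10', '192.168.1.77', '2001:db8::1', '10.1.2.3'] as $ip) {
    echo $ip, ' => ', classify_ip($ip, $white, $black), PHP_EOL;
}
```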

### ⚡ Lightweight & Minimal

Designed to deliver maximum security with minimal code. No bloat, no complexity.

 * Compatible with most WordPress themes and plugins.

### External Services

This plugin utilizes the [WPVulnerability](https://wpvulnerability.com/) API to check for vulnerabilities.

 * **Service:** WPVulnerability
 * **Data:** Only plugin slugs and versions are sent. No personal data is collected.

## Screenshots

 * Failed login attempts are blocked.
 * Custom login page.
 * Debug log is hidden.
 * Modern React-powered settings page.
 * Modern React-powered settings page – part 2.
 * 2FA setup in user profile.
 * 2FA setup in user profile – Email OTP.
 * 2FA setup in user profile – Recovery codes.
 * Dark mode support.

## Installation

 1. Upload the `nhrrob-secure` plugin folder to your `/wp-content/plugins/` directory.
 2. Activate the plugin through the ‘Plugins’ menu in WordPress.
 3. Navigate to **Tools > NHR Secure** to configure settings.

## FAQ

### How do I access the settings page?

Navigate to **Tools > NHR Secure** in your WordPress admin dashboard.

### Does it limit login attempts?

Yes. Repeated failed login attempts from the same IP will be temporarily blocked
to prevent brute-force attacks. You can configure the limit (1-20 attempts) from
the settings page.

### What is the default custom login URL?

The default custom login URL is `/hidden-access-52w`. You can change this in the
settings page under Tools > NHR Secure.

### How does 2FA work?

2FA (Two-Factor Authentication) adds an extra layer of security to your WordPress
site. When enabled, users must enter a code from their 2FA app (e.g., Google Authenticator,
Authy) in addition to their username and password to log in.

### Can I disable specific features?

Yes. You can enable or disable each feature from the settings page under Tools >
NHR Secure.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“NHR Secure – Login Security, Firewall, 2FA & Audit Log” is open source software.
The following people have contributed to this plugin.

Contributors

 * [Nazmul Hasan Robin](https://profiles.wordpress.org/nhrrob/)


### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/nhrrob-secure/), check
out the [SVN repository](https://plugins.svn.wordpress.org/nhrrob-secure/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/nhrrob-secure/) 
by [RSS](https://plugins.trac.wordpress.org/log/nhrrob-secure/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.3.1 – 07/02/2026

 * Fixed: Forced logout issue for 2FA users

#### 1.3.0 – 28/01/2026

 * Added: Security Health Check with scoring system (A+ to F grade)
 * Added: One-Click Secure feature to apply recommended settings instantly
 * Added: Advanced Firewall (IPS) with real-time protection against SQL Injection,
   XSS, and LFI attacks
 * Added: IP Management with Whitelist and Blacklist (CIDR support)
 * Added: Country Blocking for 90+ countries using GeoIP lookup with caching
 * Improved: Dark mode styling for all components
 * Improved: Overall security dashboard UI/UX

#### 1.2.0 – 17/01/2026

 * Added: User Session Management (View active sessions, remote logout, idle timeout)
 * Added: Hardening & Firewall (Disable XML-RPC, File Editor, Version Hiding, User
   Enumeration)
 * Added: User-Agent Blocking
 * Added: Audit Logs for security events
 * Fixed: Dark mode improvements
 * Improved: UI enhancements

#### 1.1.0 – 13/01/2026

 * Added: Vulnerability Checker
 * Added: File Scanner to check file integrity
 * Improved: UI for scan results
 * A few minor bug fixes & improvements

#### 1.0.6 – 11/01/2026

 * Fixed: Fatal error due to missing vendor files

#### 1.0.5 – 11/01/2026

 * Added: Email OTP feature
 * Added: Recovery codes for 2FA
 * Added: Enforce 2FA for specific roles
 * Added: Dark mode support
 * A few minor bug fixes & improvements

#### 1.0.4 – 09/01/2026

 * Added: Modern React-powered settings page under Tools > NHR Secure
 * Added: Enable/disable all features from admin interface
 * Added: Configurable login attempts limit (1-20)
 * Added: Customizable login page URL from settings
 * Added: Two-factor authentication (2FA) feature

#### 1.0.3 – 05/01/2026

 * Added: Custom login page.
 * Added: Hide debug log.

#### 1.0.2 – 04/12/2025

 * Initial release. Cheers!!
 * Added plugin assets (icons, banners & screenshot).
 * Fixed fatal error related to function name.

#### 1.0.1 – 30/11/2025

 * A few minor bug fixes & improvements

#### 1.0.0 – 23/10/2025

 * Initial beta release. Cheers!

## Meta

 * Version **1.3.1**
 * Last updated **2 months ago**
 * Active installations **Fewer than 10**
 * WordPress version **6.0 or higher**
 * Tested up to **6.9.4**
 * PHP version **7.4 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/nhrrob-secure/)
 * Tags: [2FA](https://pcd.wordpress.org/plugins/tags/2fa/), [Debug log](https://pcd.wordpress.org/plugins/tags/debug-log/), [hide admin](https://pcd.wordpress.org/plugins/tags/hide-admin/), [login protection](https://pcd.wordpress.org/plugins/tags/login-protection/), [security](https://pcd.wordpress.org/plugins/tags/security/)
 * [Advanced View](https://pcd.wordpress.org/plugins/nhrrob-secure/advanced/)
