Opis

Boost Your Website’s Security with Login/Signup Security, Two-Factor Email Authentication, Login/Logout Redirects, Social Logins, Detailed Audit Logs, and More. FluentAuth is the lightest and blazing fast security plugin for WordPress.

Highlighted Features

Two-Factor Authentication for Login
Magic Login via Email
Social Login / Register
Limit Login Attempts
Dynamic Login Redirects
Detailed Audit Logs
Core Security Enhancement
Security Email Notifications
Super Fast Solution
Restrict /wp-admin for low level user roles

What’s new in version 2.0

🚀 Two-Factor Authentication for Login
Ensure secure access to your admin panel with Two-Factor Login via email for high-level user roles like Administrator / Editor. Even if a password gets compromised, only the right person will be able to log in with the additional authentication step.

🚀 Magic Login via Email
Simplify the login process for end users like customers and subscribers. No more password resets or forgotten passwords that cause users to leave your site. With our improved flow and features, users can log in to your site simply by typing their username or email address and clicking on a secure one-time use link sent to their email.

🚀 Social Login / Register
Allow users to log in to your site with their GitHub, Facebook or Google accounts. This feature is lightweight and easy to enable.

🚀 Limit Login Attempts
Protect your site against brute force attacks by blocking excessive login attempts. Our simple yet powerful tools also improve site security and performance, and allow for customizable lockout timings.

🚀 Dynamic Login Redirects
Easily redirect users to specific pages after they log in or log out. Our drag-and-drop builder lets you customize the login and logout flow for different types of businesses.

🚀 Detailed Audit Logs
Track exactly when users log in to your site and via which method (normal login form, magic URL, or social media) with our powerful audit logs.

🚀 Core Security Enhancement
XML-RPC is a common target for WordPress attacks, but most sites don’t actually need it. This plugin enables you to disable XML-RPC, Remote Application Login, and protect the wp-users listing for REST API for enhanced security.

🚀 Security Email Notifications
As a business owner, it’s important to know when high-level users like administrators, editors, and authors log in to your site, or if someone unauthorized is trying to log in. Our plugin includes email notifications to alert you of these events.

🚀 Super Fast Solution
We’ve built this plugin to be super-fast and simple yet powerful, using the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. We also use custom database tables to store audit logs, so they don’t interfere with your default WordPress database tables.

🚀 Restrict /wp-admin for low level user roles
If you want to restrict /wp-admin access for subscribers or other low level user roles then you can easily enable that and select the user roles that you want to restrict /wp-admin access.

🚀 Customize WordPress Signup Emails
Customize the WordPress default signup emails with your own branding and content. This feature allows you to create a more personalized experience for your users, enhancing their engagement with your site.

🚀 Custom Login/Signup Shortcodes
Create custom login and signup forms using shortcodes. This feature allows you to easily integrate login and signup forms into your pages or posts, providing a seamless user experience.

🚀 Disable Admin Email Notifications on User Signup
Disable the default WordPress admin email notifications that are sent when a new user signs up. This feature helps you manage your email notifications more effectively, reducing clutter in your inbox.

🚀 Scan WordPress Core File Changes
FluentAuth includes a feature to scan WordPress core files for changes, helping you identify any unauthorized modifications. This is crucial for maintaining the integrity of your WordPress installation and ensuring that your site remains secure.

Why FluentAuth?

To improve the security and user experience of a WordPress website, the default authentication system may need to be enhanced with additional plugins. One common issue that WordPress site owners face is their site getting hacked. This is often due to hackers using brute-force attacks to guess passwords and gain access to the admin panel, leading to site takeover. Additionally, the use of common passwords on multiple sites can put all of them at risk if one password is compromised.

Using multiple security plugins can be detrimental to the performance of a WordPress website. These plugins, which are often bloated, intercept every WordPress request and run it through a large number of unnecessary rules, resulting in increased server resource usage and slower site performance. To avoid this issue, consider using a comprehensive security solution that offers multiple features in one package, instead of relying on multiple individual plugins. This will help save server resources and improve the overall performance of your website.

To Solve these issues, we decided to build FluentAuth and made it free.

Replace Multiple Plugins with FluentAuth

FluentAuth has been designed to provide light-weight security solution while adding better UX and performance of your site. If you use FluentAuth then you don’t need the following plugins

For Login Limit and ban brute force attacks

Limit Login Attempts Reloaded
WPS Limit Login

For Login & Logout Redirections

LoginWP (Formerly Peter’s Login Redirect)
Sky Login Redirect
WP Login and Logout Redirect

For Login & Logout Redirections

LoginWP (Formerly Peter’s Login Redirect)
Sky Login Redirect
WP Login and Logout Redirect

For Hide Admin Bar and Access Restriction

Hide Admin Bar
Hide Admin Bar Based on User Roles
Auto Hide Admin Bar
Hide Admin Bar from Non-Admins

User Guides

Other Plugins By The Same Team

CONTRIBUTE

If you want to contribute to this project or just report a bug, you are more than welcome. Please check repository from Github.

Zrzuty ekranu

Login Security Settings — Reporting Dashboard

Instalacja

This section describes how to install the plugin and get it working.

Just search for FluentAuth in WordPress Plugins and click install and activate.

Upload the plugin files to the /wp-content/plugins/fluent-auth directory, or install the plugin through the WordPress plugins screen directly.
Activate the plugin through the \’Plugins\’ screen in WordPress
Use the FluentAuth -> Settings screen to configure the plugin

Najczęściej zadawane pytania

Is it a GDPR-Compliant?: All the data will be saved and managed into WordPress. it’s 100% GDPR-Compliant.
Will it is a performance issue for WordPress?: Absolutely not! From the very first, We were careful about this. It stores all the logs data in custom database tables, so it will not affect your WordPress database. We built the application with VueJS. Also, The Admin UI is super fast as It’s a SPA and communicates over ajax.

Recenzje

r0sc0 2026-06-15

This is a great plugin. Even better has been the support I have received from the team.

richard0508 2026-06-21

There is no way to customize the login and registration fields. Even when using the provided shortcuts, these pages still cannot be customized as needed. The documentation is so brief that it is difficult to find any truly useful information. After integrating Google Sign-In and Google Registration, users who register with a Google account get stuck on the login page and are never redirected, making the registration process unusable. FluentAuth customer service team didn’t solve my problem at all. They spent two whole weeks repeatedly telling me that I was just stuck on the login issue, which was a complete waste of my time. In the end, I had to fix it myself. The actual issue was that after completing the registration, the page cache got completely stuck and failed to pass the data to the account login. This caused an infinite loop on the login page, making it absolutely impossible to log in. This is clearly a flaw in your system’s design and has absolutely nothing to do with any third-party plugins.

DeepBlue 2026-04-29

Fluent Auth / Fluent Security is a nice security plugin with all the most important security features, but without the unecessary and the bloat

gfa7 2026-03-23

Got superior support for resolving a conflict and finding issues in somebody else’s code. Thanks again!

unknowncreative 2025-12-11

Over all it works and does a dam good jobonly current complaint/bug, is that login with google still requires a code to be sent and entered.Hope to see this plugin for years and years to come

zchas42 2025-11-08

I wanted to implement a login system with the requirement for users to enter an email code on login. This mitigates login sharing among users. Very effective, did the job perfectly. Raised one support ticket query which was responded to with a „right first time” solution within 24 hours. Very happy.

Przeczytaj 30 recenzji

Kontrybutorzy i deweloperzy

„FluentAuth – The Ultimate Authorization & Security Plugin for WordPress” jest oprogramowaniem open source. Poniższe osoby miały wkład w rozwój wtyczki.

Wtyczka „FluentAuth – The Ultimate Authorization & Security Plugin for WordPress” została przetłumaczona na 8 języków. Podziękuj tłumaczom za ich wkład.

Przetłumacz wtyczkę “FluentAuth – The Ultimate Authorization & Security Plugin for WordPress” na swój język.

Interesuje cię rozwój wtyczki?

Przeglądaj kod, sprawdź repozytorium SVN lub czytaj dziennik rozwoju przez RSS.

Rejestr zmian

2.1.2 – Date: Apr 28, 2026

Hardened Security Scan and Settings endpoints with stricter input validation and sanitization
Sanitized social auth redirect cookie to prevent storing untrusted values
Added client token verification in Google One-Tap login for stronger identity checks
Fixed: Magic Login rate limiter incorrectly using days instead of minutes
Fixed: Login issue with GitHub social authentication
Fixed: Timezone mismatch in dashboard quick stats and audit log time differences
Fixed: canLogin filter ignoring falsy return values (now respects developer overrides)
Fixed: Sprintf positional argument syntax in digest email and removed a duplicate filter
Improved: Translation readiness — wrapped previously hard-coded admin UI strings with the translation helper and fixed typos / awkward phrasing across the dashboard, settings, security scan, server mode, and email customization screens
Improved: Internal test coverage and codebase reliability

2.1.1 – Date: Dec 03, 2025

Introducing One-Tap Login via Google Social Auth Connection
Improved Translation & Localization
Security: Improved Data Security and Sanitization and compitable with latest WordPress security standards
Bug Fixes and Performance Improvements

2.0.3 – Date: Jun 11, 2025

Typo and Smartcode fixed on Custom Emails
WP_Error Notice fixed

2.0.2 – Date: Jun 11, 2025

Fixed: Login Redirect Issue
Fixed Typo on Admin Menu
Fixed Styling Issues

2.0.0 – Date: Jun 09, 2025

Introduing Login/Signup Page Customizer
Added Login with Facebook
Added Syststem Emails Custimizations
Introducing WordPress Core Files Integrity Check
Configurable: One-Click Login via Email as primary login method
UI & UX Improvements
Disable Signup on social media connection when global signup is disabled

1.1.0 – Date: Dec 16, 2014

Added hooks for 3rd party developers
Improvement on Authentication flow

1.0.8 – Date: Dec 02, 2024

Added Additional Hooks for Regsitration and Signup
Improved UI & UX
Fixed translation issues

1.0.7 – Date: Jul 26, 2024

Added Email verification on User Regstration Flow
PHP 8.x compatability issue fixed
JS errors fixed on Magic Links Shortcodes

1.0.6 – Date: Jan 28, 2024

Fix Compatibility issue with PHP 8.x
Upgrade Internal Libraries
Improved Login with Google
Improved UI & UX

1.0.5 – Date: May 04, 2023

Added Login or Signup with Google Social Auth Connection
Magic Login URL token is now hashed to improve the security

1.0.4 – Date: Feb 04, 2023

Added Daily/Weekly/Monthly Email reporting Feature
Made Login Form as Custom (no login url expose)
Two-Factor Authentication Improvement

1.0.2 – Date: Dec 17, 2022

Fix UI issue on dashboard
Login with GitHub improvement
Do Two-Factor Authentication even for social login for selected user roles
Added more hooks for developers

1.0.2 – Date: Dec 16, 2022

Improved UI & UX
Added feature to block /wp-admin access and hide admin bar for low-level user roles
Fix conflict issue with LearnDash and other wp-users REST-API
Improved IP Address for login verification.

1.0.0 – Date: Dec 12, 2022

Initial Release

Great plugin, great support.

A half-baked system

Great Security plugin

Great help in debugging

Pretty Great Plugin

Superb for my use case