71
Wordfence Login Security
A reliable 2FA tool that is slowly walking toward the exit.
GrowingPoor rating
71/100
It provides reliable 2FA but lacks basic brute force protection and is being phased out.
Active installs
~75,000
our estimate · wp.org shows 70k+
Rating
3.9★
26 ratings
Trend · vs a year ago
+8%
Growing
289 → 312 installs/day
What to watch out for
- MINORverified rating is 3.88★
- MINORreviews unevenly distributed over time
Downloads over time
real new installs per day · release spikes shown separately from the trend2025-04-302025-08-082025-11-162026-02-232026-06-03
organicrelease spikerelease tailorganic trend · 14d rolling median
Growing · +8% in the last year
289/day a year ago→312/day today
Reviews
what people actually sayWordfence Login Security is a lightweight, free 2FA plugin that users appreciate for its simplicity and WooCommerce compatibility, but it is widely criticized for missing fundamental login security features and having notable functional limitations.
What people like
- +Provides free 2FA that works reliably for basic use cases×4
- +Works well alongside the full Wordfence plugin and integrates with WooCommerce×2
Common complaints
- −No brute-force protection or login attempt limiting, which reviewers consider a basic security requirement×3
- −Non-admin users cannot set up 2FA — requires admin-level capabilities, making it unsuitable for multi-user sites
- −Does not verify logins submitted via wp_login_form on the frontend, limiting usefulness beyond simple sites
- −No login URL obfuscation feature, requiring a separate plugin to cover that gap
- −2FA setup screen reportedly does not appear on WordPress 6, making the plugin non-functional for some users
- −Lacks password complexity requirements and other modern security hardening features
- −Developer is reportedly pushing users toward the full Wordfence plugin rather than maintaining this as a standalone lightweight option
- −At least one user reported a successful site hack despite 2FA being active, raising questions about real-world effectiveness
Review trustReviews look organic
- 3.88★Verified rating — holds steady vs the raw 3.90★
- 0%One-shot reviewers — most reviewers are active community members
Reviews per month · 5★ vs lower
2023-09-182025-02-092026-06-04
5★ reviews1–4★ reviews
All-time ratings · 26 total
Latest reviews · 26 analyzed
- 2026-05-20★★★★★Rug-pulling this feature pluginsprucelydesigned
- 2026-02-27★★★★★I was hackedteddiesbyll
- 2025-07-15★★★★★Too much load for a simple 2FA pluginAmie
- 2025-02-22★★★★★Great integration with WooCommercefenvi
- 2024-11-01★★★★★100% lockmaxim23
- 2024-06-13★★★★★Simple yet practical plugin.O.P.
- 2024-02-06★★★★★Best lightweight login security pluginJuanzo
- 2024-02-04★★★★★A merely 2FA and Captcha pluginwellshot
- 2023-11-16★★★★★ExcellentJeremy
- 2023-08-30★★★★★Einfach und gutJonas
Releases
recent versions from WordPress.org SVNAlternatives to Wordfence Login Security
Top Security plugins, ranked by score.For developers & the curious
the raw signals behind the grade — none of this is on the friendly summary aboveDownload signals
Baselines are computed on organic days only — release spikes and their tails are excluded, so they're not inflated by the auto-update wave.
581
Baseline · median of last 7 organic days
685
Prior 7-day baseline
422
Floor · 25th percentile over 14 days
1,448
Mean release-day peak (30d)
538
Latest day · 2026-06-03(organic)
-15.2%
Week-over-week organic trend
Review signals
Concentration and drive-by metrics drive the review-burst and fake-review flags. 30–40% solo reviewers is normal; we only flag the extremes.
20%
Max month share · biggest single 30-day window
1.75
Distribution CV · <0.6 even, >1.5 bursty
54%
5★ share in analyzed sample
0%
Solo reviewers · only this one wp.org activity
—
Volume velocity · last 6mo vs prior 6mo
3.88 → 3.88★
Sample avg · raw → solo-filtered