Stop automated login attacks before they become a problem.
Forge Defence adds a stage-one honeypot to wp-login.php, tracks attacks in real time, and throttles repeated attempts. Upgrade to Pro for a hidden login URL gateway, CAPTCHA, hard blocking, country bans, alerts, exports, and more.
Startup offer: £15/year. Standard price will be £60/year after the offer ends.Why Forge Defence works
Multiple layers of protection that target automated traffic, without creating friction for legitimate users.
Honeypot-first defence
Stage-one honeypot uses a hidden field, timestamp, and cookie to identify automated form submissions early.
Real-time visibility
Monitor attacks as they happen, with dashboard summaries and login attempt logging (masked IP display in Free).
Configurable throttling
Soft-block throttles repeated login attempts using configurable thresholds and cooldowns, reducing server load.
Free vs Pro comparison
Start with Free today, then upgrade when you want stronger controls, more insight, and additional protection surfaces.
| Feature | Free | Pro |
|---|---|---|
| Stage-one honeypot on wp-login.php (hidden field + timestamp + cookie) | Included | Included |
| Real-time attack monitoring with dashboard summaries | Included | Included |
| Login attempt logging (masked IP display in Free tier) | Masked IP | Full IP + geolocation |
| Soft-block throttle with configurable thresholds/cooldown | Included | Included |
| Manual trusted IP list so staff traffic is excluded from throttles | Included | Included |
| Log retention controls with automatic cleanup | Included | Included |
| Settings UI for Limits, Honeypot, Logs, and General | Included | Included |
| Hidden login URL workflow with branded gateway | Not included | Included |
| Honeypot gateway challenge with custom prompt/answer | Not included | Included |
| CAPTCHA integration (reCAPTCHA v2/v3, hCaptcha) | Not included | Included |
| Hard IP blocking with configurable thresholds and durations | Not included | Included |
| Country banning (ISO code list) enforced on hidden slug and wp-login.php | Not included | Included |
| Trusted crawler allowlisting (Googlebot, Bingbot, custom CIDRs) with reverse DNS verification | Not included | Included |
| Identity masking: enforce staff aliases and replace usernames site-wide | Not included | Included |
| WooCommerce/front-end form protection using the same honeypot rules | Not included | Included |
| Email alerts for hard blocks and attack surges | Not included | Included |
| Full IP + geolocation visibility in logs, with CSV export | Not included | Included |
| Fake login trap escalation for repeated offenders | Not included | Included |
| Dashboard crawler analytics (last crawl, 24h visits, total served) | Not included | Included |
| Gateway branding controls (logo, headline, theme) | Not included | Included |
| Manual IP blocking/unblocking directly from the IP Logs tab (with dedicated Blocked IPs view) | Not included | Included |
What you get in the Free version
Ideal for most sites that want immediate protection and clear visibility without extra complexity.
Login protection
Stage-one honeypot on wp-login.php, plus configurable soft-block throttling.
Dashboard & logs
Attack monitoring with summaries, login attempt logging, and masked IP display.
Admin controls
Trusted IP list, retention controls with cleanup, and settings UI for Limits, Honeypot, Logs, and General.
Why upgrade to Pro
Pro adds stronger deterrence, broader protection (including front-end forms), and operational tooling for serious sites.
Hidden login gateway
Hidden login URL workflow with branded gateway, plus optional custom prompt/answer challenge.
Hard blocks & bans
Hard IP blocking, country banning, and allowlisting for trusted crawlers with reverse DNS verification.
Ops-grade visibility
Email alerts, full IP + geolocation logs, CSV export, crawler analytics, gateway branding, and manual block/unblock.
Frequently asked questions
Quick answers for admins evaluating Forge Defence for WordPress security and login protection.
Will Forge Defence slow down my WordPress site?
Forge Defence focuses on lightweight checks and only escalates when needed. Free provides honeypot + throttling + logging; Pro adds gateway flows and CAPTCHA that can be applied strategically.
What does “masked IP display” mean in the Free tier?
In Free, IPs are displayed in a privacy-preserving, partially masked format. Pro unlocks full IP visibility plus geolocation and CSV exports.
How does the hidden login URL workflow help?
Automated attacks commonly target default WordPress login endpoints. Pro lets you deploy a branded gateway and hidden login slug to reduce automated targeting and improve control.
Can I exclude staff and office IPs from throttles?
Yes. Both Free and Pro include a manual trusted IP list so staff traffic can be excluded from throttling rules.
What happens when the startup offer ends?
The Pro price is currently £15/year as a startup offer and will be £60/year after the offer ends.
Ready to protect your WordPress login?
Install Free in minutes, then upgrade to Pro when you need gateway + CAPTCHA + advanced blocking.