Description
Login Obfuscator makes your login responses more unpredictable to brute-force bots. It adds a subtle security layer by sending an HTTP 403 Forbidden status on failed login attempts, confusing automated attacks that expect standard 200 or 302 responses.
This plugin is simple and silent:
* No configuration required
* No user interface
* Works automatically on activation
Why it works:
* Bots rely on predictable responses (200 = fail, 302 = success)
* A 403 status confuses many automated scripts
* Some bots slow down or stop attacking altogether
Screenshots
screenshot-1.png – How it works. 
screenshot-2.png – Example of a failed login HTTP 403 response (shown in browser dev tools).
Installation
- Upload the plugin files to the
/wp-content/plugins/login-obfuscatordirectory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the ‘Plugins’ screen in WordPress.
- Done — there are no settings or UI.
Reviews
Contributors & Developers
“Login Obfuscator” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Login Obfuscator” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.2
- Minor fixes and code cleanup
1.0
- Initial release: sends HTTP 403 on failed login attempts