描述
Check Login Lite enhances your WordPress login security with multiple protective features:
- ✅ IP whitelist / blacklist management
- 🌍 Country-based access restrictions (up to 5 countries allowed)
- ✉️ Email alerts when unfamiliar IP logs in
- 💬 Discord webhook notification support
- 🔐 Pseudo Basic Authentication system for emergency lockdown
- 🧠 Automatic country list update
- 📜 Login history log
No need for advanced setup. Simple UI inside WordPress admin dashboard.
External Services
This plugin uses third-party services only to provide the features you configure.
1. countriesnow.space (country list generation)
- Service URL:
https://countriesnow.space/api/v0.1/countries - Used for: Building and refreshing the selectable country list used in admin settings.
- Data sent: No personal data is intentionally sent by the plugin for this request.
- When sent: On activation and when refreshing the country list file.
- Terms:
https://github.com/MartinsOnuoha/countriesNowAPI/blob/master/LICENSE - Privacy: A dedicated privacy policy URL is not publicly provided by this service provider as of March 23, 2026.
- Additional references:
https://countriesnow.space//https://documenter.getpostman.com/view/1134062/T1LJjU52?version=latest
2. freeipapi.com (IP geolocation)
- Service URL pattern:
https://free.freeipapi.com/api/json/{IP} - Used for: Determining country from IP for admin access restriction and login alert context.
- Data sent: The IP address being checked (current request IP).
- When sent: During admin access checks, settings page rendering, and login alert evaluation.
- Terms:
https://freeipapi.com/terms - Privacy:
https://freeipapi.com/privacy
3. Notification providers (optional, admin-configured)
- Services: Discord Webhook, Slack Webhook, Chatwork API
- Used for: Sending security alert messages and emergency authentication credentials.
- Data sent: Site URL, username, login IP/country, emergency token/URL, and configured message body.
- When sent: Only when an alert/security event occurs and the corresponding provider is configured.
- Discord Terms/Privacy:
https://discord.com/terms/https://discord.com/privacy - Slack Terms/Privacy:
https://slack.com/terms-of-service/https://slack.com/privacy-policy - Chatwork Terms/Privacy:
https://go.chatwork.com/en/terms.html/https://go.chatwork.com/en/privacy.html
This plugin does not include behavioral tracking or analytics for end users by default. Notification delivery is administrator-configured and event-driven.
安装
- Upload the plugin folder to
/wp-content/plugins/check-login-lite - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Settings > Check Login Lite in the admin panel
- Configure IP whitelist/blacklist, country restrictions, and alert destinations.
常见问题
-
Will this block me from logging in if I make a mistake?
-
No. The plugin always allows access from IPs in your whitelist, regardless of country settings.
-
What if I forget my Basic Auth credentials?
-
The pseudo Basic Auth expires automatically in 24 hours or after successful login.
-
Does it work on multisite?
-
Currently, this plugin is tested only in single-site installations.
-
Does this plugin support Slack or Chatwork notifications?
-
Yes. In addition to email and Discord, you can configure Slack Webhook and Chatwork API to receive login alerts and emergency authentication credentials.
-
What is the Pseudo Basic Authentication feature?
-
It is an emergency lockdown feature that adds a login form in front of wp-login.php and wp-admin when triggered. All users are forcefully logged out and a temporary token/password is sent via your configured notification channels. It expires automatically after 24 hours or upon successful login.
评价
此插件暂无评价。
贡献者及开发者
更新日志
1.0.0
- Initial release