Oriole One Master Guard is a lightweight, all-in-one security plugin for WordPress. It protects your site against brute-force login attacks, hardens common WordPress attack surfaces, and gives you full control over your security configuration from a clean admin interface — all without touching WordPress core files.

Whether you run a personal blog, a business site, or manage WordPress for clients, Oriole One Master Guard is designed to be straightforward to configure and effective out of the box.

Who Is This For?

Site owners who want meaningful login protection without relying on a large, bloated security suite.
Developers who need a practical hardening toolkit with sensible defaults they can tune.
Agencies managing multiple WordPress installations who need reliable, low-maintenance protection.

What It Does

Brute-Force Login Protection
Limits the number of failed login attempts allowed from a given IP address or username within a configurable time window. Once the threshold is reached, the account is temporarily locked and further attempts are blocked. A replay-safe token system ensures that hitting the browser back button or refreshing after a failed attempt does not count as additional attempts.

Security Hardening
A dedicated Hardening tab lets you enable or disable individual hardening features with a single checkbox. The plugin applies these protections directly using standard WordPress hooks and filters, keeping the setup simple and safe.

Hardening options include:

Block XML-RPC requests site-wide
Remove the users provider from WordPress sitemaps
Return HTTP 404 for author archive pages and prevent username enumeration via ?author=N queries
Restrict the /wp-json/wp/v2/users REST endpoint to logged-in users with the list_users capability
Remove the WordPress version tag, RSD link, WLW manifest, oEmbed discovery links, and REST API head link
Add a noindex, follow meta tag to category, tag, and author archive pages

Code Preview
The Code Preview tab shows the generated reference snippets that correspond to your current hardening settings. This output is read-only and provided for transparency only. The plugin does not ask administrators to paste or save arbitrary PHP, JavaScript, or CSS.

Failed Login Audit Log
Every lockout is recorded in a persistent audit table showing the blocked username, IP address, geolocation country, number of attempts, and the time the block was placed and will expire. Individual entries can be removed, or the entire log can be cleared with one click.

Why Choose Oriole One Master Guard?

Focused and lightweight — does exactly what the name says with no unnecessary bulk.
Transparent — the hardening behavior is clearly visible in the admin and not hidden in plugin internals.
Non-destructive — uses WordPress hooks and the Settings API only; never modifies core files or theme files.
Auditable — every lockout event is logged so you always know what happened and when.

Requirements

WordPress: 6.4 or higher
PHP: 8.0 or higher

Support

For questions, bug reports, or feature requests, please use the support forum on the plugin’s WordPress.org page. When reporting a bug, include your WordPress version, PHP version, and a description of the steps to reproduce the issue.