このページは日本語でもご覧いただけます → 日本語
A security plugin that protects your WordPress login screen from unauthorized access and spam with up to 4 layers of defense.
⚠️ This plugin is designed to eliminate spam and unauthorized access to your login screen as much as possible. Please also take additional security measures, such as optimizing your server settings and keeping WordPress up to date.
🔒 Login Flow
| Gate |
What happens |
| 1st Gate |
Access your custom login URL |
| 2nd Gate |
Answer the login story question + enter your username |
| 3rd Gate |
Enter the 6-digit one-time password sent to your email |
| 4th Gate |
Enter your password to complete login |
🔗 Custom Login URL
Change your default WordPress login URL (/wp-login.php) to a custom URL of your choice. Including / in the URL creates a pseudo multi-level path, making brute-force access even harder.
📖 Login Story Question
Log in by answering a randomly generated scenario-based question. By combining private words you register yourself (such as family names or pet names), the plugin automatically generates original questions that no third party could guess.
Example question:
Taro was eating a hamburger in the bedroom. A dog came in. Q: Who came into the bedroom?
Since the answer is always contained within the question itself, you’ll never face the problem of “forgetting the answer” like with traditional security questions.
✉️ One-Time Password
A 6-digit one-time password is sent to your email each time you log in. Enter the code to proceed to the next step.
What to do if the email doesn’t arrive →
✅ Whitelist
Register an IP address or trusted device to skip the 2nd and 3rd gates.
| Access type |
1st Gate |
2nd Gate |
3rd Gate |
4th Gate |
| 🔴 Unauthorized third party |
Required |
Required |
Required |
Required |
| 🟢 Whitelisted user |
Required |
Skipped |
Skipped |
Required |
🎨 Login Screen Customization
Change the banner image, text color, and background color to create a fully original login screen design.
📋 Contact Form 7 Integration
Integrates with Contact Form 7 to add a story-based CAPTCHA to your forms. By registering custom words that match your site’s theme, it works as an effective anti-spam measure.
Example question (sushi restaurant site):
The head chef was eating inari in the kitchen. An apprentice came in. Q: Who came into the kitchen?
Example question (hair salon site):
An assistant was holding hair dye in front of the mirror. A first-time customer came in. Q: What was the assistant holding?
Example question (cram school site):
Instructor A was eating instant noodles in the classroom. Instructor B came in. Q: What was Instructor A eating in the classroom?
SMTP Sending Settings
Use this setting if OTP authentication emails are not being delivered. WordPress’s default email sending function (wp_mail) may be filtered as spam or fail to deliver entirely, depending on your server configuration. By using an external SMTP server such as Gmail, you can ensure reliable email delivery.
Step 1: Send a test email first
Enter your recipient email address and click the “Send Test Email (wp_mail)” button.
If the email arrives, no SMTP configuration is needed. You’re all set!
If the email does not arrive, proceed to the next step.
Step 2: Open the SMTP settings
Click the “Did Not Receive It?” button to reveal the SMTP sending settings.
Step 3: Choose your SMTP server
Click the “?” icon next to the SMTP Server field to see a list of popular services. Simply click a service to automatically fill in the server name and connection method.
| Service |
Best for |
| Gmail |
Anyone with a Gmail address (free to use) |
| Xserver |
Users sending via Xserver email |
| Sakura Internet |
Users sending via Sakura Internet email |
| Lolipop! |
Users sending via Lolipop! email |
If your service is not listed, enter your SMTP details manually.
For Xserver and Sakura Internet users: The SMTP server field will be auto-filled with a placeholder containing “serverID”. Replace “serverID” with your actual server ID, which can be found in your hosting control panel.
Step 4: Enter your username and password
Enter the email address you want to send from in the Username (Email Address) field. This can be the same address as your recipient email.
How you enter the Password depends on your email service.
For Gmail (App Password required)
Gmail does not allow your regular account password to be used for SMTP. You will need to generate a dedicated App Password.
- Click the “?” icon next to the Password field
- Follow the link to Google Account → Security
- Enable “2-Step Verification” if you haven’t already
- Open “App Passwords”, enter any name you like (e.g. “Site Name OTP”), and click Create
- Copy the 16-character password shown and paste it into the Password field
⚠️ Your App Password is only shown once at the time of creation. Copy it immediately.
For Xserver, Sakura Internet, or Lolipop!
Log in to your hosting control panel, find your email account settings, and enter the password for that email address.
Step 5: Enable, save, then send a test email
Once all fields are filled in, check the “Enable” checkbox at the bottom of the SMTP settings.
Then click “Save Changes” to save your configuration. SMTP only becomes active after saving. If you run a test before saving, the email will be sent via wp_mail (the default method) instead — so be sure to save first.
Once saved, the “Send Test Email (SMTP)” button will be ready to use. Click it and if the email arrives, you’re all done!
If the email does not arrive, double-check your entries (server name, username, and password). For Gmail, make sure your App Password was copied correctly.
