=== Failed Login Email Alerts ===
Contributors: snehalpancholi
Tags: login alerts, brute force, security, failed login, email notification
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.1
Stable tag: 1.0.0
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Emails the admin when failed login attempts exceed a threshold within a time window.

== Description ==

Failed Login Email Alerts watches for repeated login failures and emails an alert when a configurable threshold is exceeded within a set time window. A cooldown period prevents email flooding from sustained attacks. All alerts are logged in the admin with a clear viewer.

**Features:**

* Configurable failure threshold (default: 5 attempts)
* Sliding time window (default: 10 minutes)
* Alert cooldown per IP to prevent email flooding
* Alert log in the admin with IP, count, attempted username, and timestamp
* Log viewer with clear-all action
* Tracks by IP address with support for proxy/CDN headers (CF-Connecting-IP, X-Forwarded-For)

== Installation ==

1. Upload the `failed-login-alerts` folder to `/wp-content/plugins/`.
2. Activate through **Plugins**.
3. Go to **Settings → Login Alerts** to configure.

== Frequently Asked Questions ==

= Will this block the attacker? =
No — this plugin only alerts you. Pair it with a limit-login-attempts plugin to actually block IPs.

= What email address receives the alert? =
The admin email by default. You can set a custom address in Settings.

== Changelog ==

= 1.0.0 =
* Initial release.
