Lockdown plugin. WordPress protection – Login LockDown plugin. Installing and configuring the Login LockDown security plugin


(Last update: 02.12.2019)

Hi all! Today we'll talk about the security of your WordPress website/blog. To sleep peacefully, you need to keep it safe. The most common way to hack a site is to guess the username and password used to log into your admin panel (protection against this is). If for some reason bad people find out your login, then guessing the password will not be difficult for them.

WordPress Admin: Hacking Protection

Don't wait until your site is hacked before you start caring about security practices. Now is the time to limit the number of login attempts on your WP site. Let us, dear friends, make this task more difficult for attackers. How to limit login attempts in WordPress? Using the free Login LockDown plugin.

Michael Heymans says:

Security is a priority when working on any website, so we use every opportunity to ensure it. An additional level of protection is provided by the Login Lockdown plugin. It protects the WordPress admin from hacking by guessing the login password. If an excessive number of login attempts are made from an IP range, when the limit is reached, Login Lockdown blocks all requests from that range.

Every WordPress website owner runs into problems from time to time that could probably be solved with some handy back-end plugins. You don’t need to go fast or far. That's what made WordPress so popular, right? Plugins are convenient and can solve many problems, which is especially useful if you are not a developer or lack professional skills.

WordPress Security – Login LockDown Plugin

An additional level of protection is provided by the Login Lockdown plugin

The Login LockDown plugin for WordPress limits the number of login attempts from a given range of IP addresses within a specified period of time. It is intended for reliable protection of your WordPress control panel.

About the Login LockDown plugin

Login LockDown records the IP address and timestamp of each failed login attempt. If more than a certain number of attempts are detected from the same IP address range within a short period of time, the login feature will be disabled for all requests from that range. This helps prevent brute force discovery of the password.

Currently the plugin defaults to locking out an IP block for 1 hour after 3 unsuccessful login attempts within 5 minutes. In other words, you will be blocked for one hour if you enter the password incorrectly 3 times in 5 minutes. This can be changed through the Settings panel. Administrators can release blocked IP ranges manually from the panel.
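The lockout rule described above, modelled as an added Python example (this is not the plugin's own PHP code). The class and method names are hypothetical, "IP range" is assumed to mean the first three octets of the address, and the lock is assumed to trigger on the third failure inside the window.

```python
from collections import defaultdict, deque


class LockdownModel:
    """Toy model of the default rule: 3 failures in 5 minutes -> 60 minute lockout."""

    def __init__(self, max_retries=3, retry_window_min=5, lockout_min=60):
        self.max_retries = max_retries
        self.window = retry_window_min * 60      # seconds
        self.lockout = lockout_min * 60          # seconds
        self.failures = defaultdict(deque)       # range -> failed-login timestamps
        self.locked_until = {}                   # range -> time the lockout ends

    @staticmethod
    def ip_range(ip):
        # Assumption: the "range" is the address without its last octet (a /24).
        return ip.rsplit(".", 1)[0]

    def is_locked(self, ip, now):
        return self.locked_until.get(self.ip_range(ip), 0) > now

    def failed_login(self, ip, now):
        """Record one failed attempt; return True if the range is locked out."""
        if self.is_locked(ip, now):
            return True
        q = self.failures[self.ip_range(ip)]
        q.append(now)
        while q and q[0] <= now - self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.max_retries:
            self.locked_until[self.ip_range(ip)] = now + self.lockout
            q.clear()
            return True
        return False

    def release(self, ip):
        """Manual release of a locked range, as an administrator does from the panel."""
        self.locked_until.pop(self.ip_range(ip), None)


def demo():
    # Constructed input: three failures from three hosts in the same /24.
    m = LockdownModel()
    t0 = 1_700_000_000
    results = [m.failed_login("203.0.113.10", t0),
               m.failed_login("203.0.113.11", t0 + 60),
               m.failed_login("203.0.113.12", t0 + 120)]
    return m, t0, results
```

Because the counter is kept per range, the third failure locks out every host in that range, including ones that never failed a login.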

Installing and configuring plugin

Of course, one plugin cannot completely protect your blog; additional measures are needed, which I will write about on the pages of my blog. That will come later; for now, go to the admin panel to install the plugin: Plugins - Add new. Enter the name Login LockDown into the search box:

Search for a plugin

The plugin you are looking for will be the first in the list, click “Install”, then “Activate plugin”:

Installing the plugin using the standard method

The next step is to configure it. In the Settings section, click on the name of the module.

WordPress admin protection

On the page that opens - Login Blocking Options - specify:

  • Max Login Retries (the maximum number of login attempts): for example, 3;
  • Retry Time Period Restriction (minutes): for example, 5;
  • Lockout Length (blocking time in minutes): for example, 180;
  • Lockout Invalid Usernames? - Yes;
  • Mask Login Errors? - Yes.

Plugin settings page

Click "Update Settings". Ready. This is what the admin login form looked like without the plugin:

Login to WordPress admin panel

And now it will be something like this:

Login form with plugin

Finally

The first layer of security for your WordPress site is the password itself. You must always choose a strong password for your web resource. Just in case, read what to do if you... No website is 100% secure, as bad people always find new ways to bypass security. That is why it is extremely important to maintain full backups of your WordPress site.

I hope this post helped you add a login attempt limit to your WordPress site. That's all for me. Good luck to you. All the best friends. Bye bye!


Login LockDown records the IP address and timestamp of every failed login attempt. If more than a
certain number of attempts are detected within a short period of time from the same
IP range, then the login function is disabled for all requests from that range.
This helps to prevent brute force password discovery. Currently the plugin defaults
to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified
via the Options panel. Administrators can release locked out IP ranges manually from the panel.

Installation

  1. Extract the zip file into your plugins directory into its own folder.
  2. Activate the plugin in the Plugin options.
  3. Customize the settings from the Options panel, if desired.

Reviews

I like this plugin and use it on a number of websites I am a webmaster for. In case it helps, here are some thoughts on how/why I have configured the plugin. I leave the first 3 entries as default (3,5,60). They seem ideal to me. I set Lockout Invalid Usernames? to YES. If they don't know the Username, why are they trying to login? I am careful, so I won't lock myself out. I set Mask Login Errors? to YES. Denies useful intelligence to people who are trying to login when they shouldn't. Why help them? I set Show Credit Link? to NO. I love helping people - and as it happens it's my professional work - however telling people about the plugin so they can protect their blogs also tells people who are trying to login when they shouldn't what security I am using. This is a more minor point, however it also falls under the "need to know policy" - they don't.

I generally don't have issues with this plugin and I assume it's working well to protect my site from hackers. The only issue I have is that time to time it locks me out although I KNOW for a fact that I haven't attempted to login unsuccessfully several times.

I welcome you to mine!
How are websites hacked? The simplest and quickest way to hack a site is to guess the login and password for the admin panel. Most owners of Internet resources leave the administrator login at its default, which makes the hackers' task much easier - all they have to do is guess the password. If you have not done this before, I strongly recommend that you change the default “admin” value to a unique login. You can change the login and password for the site control panel in the “Users” admin section or through your blog’s database.

It is also worth mentioning that the password must be strong - consisting of 8 or more characters. You can find out which password is the best choice for your account by reading this. This will make it more difficult for burglars.

Another great tool for protecting the WordPress control panel from attackers using password guessing programs is the Login LockDown plugin.

Login LockDown plugin action.

This plugin works according to the following principle. It tracks unsuccessful attempts to log into the control panel of an Internet resource and records the IP address and exact time.

If several unsuccessful attempts from a given address are recorded within a certain time, the plugin will block this user for the time specified in the settings.
An error message will be displayed on the screen, and the attacker will lose all chance of guessing the password.

Installing Login LockDown on the site.

I have already talked about how to install plugins in WordPress in this article.
Installing the Login LockDown plugin is not much different from installing other similar tools.
You need to go to the site admin area, select the “Plugins” panel and click the “Add new” button.

After this, a standard window for adding tools will open, in which you can find the plugin by keywords or use downloading files from your PC if you have downloaded it previously.
Next, you need to confirm the installation of the tool and activate it.

Setting up Login LockDown.

In order to configure protection to suit your needs, you need to go to the plugin settings.
To do this, select the “Options” menu and find the security plugin in it.

A window with tool settings will open in front of you.

Description of the Login LockDown plugin settings.

  • Max Login Retries – the maximum number of unsuccessful attempts allowed before the block is triggered;
  • Retry Time Period Restriction – the period of time over which incorrect password entries to the admin panel are counted. The longer the period you set, the safer it will be;
  • Lockout Length – the time for which the suspicious IP address will be blocked;
  • Lockout Invalid Usernames – this item checks whether the user's login is entered correctly. If you do not activate it, the login can be guessed as many times as you like, and login to your account will not be blocked, provided you enter the correct password. It is better to activate it; this increases the reliability of the blog;
  • Mask Login Errors – masks a data entry error on the attacker’s screen. If you do not activate it, a hint will be displayed showing which was entered incorrectly, the login or the password. It is better to activate this feature, so that the villain will not learn whether it was the password or the login that he entered incorrectly;
  • Currently Locked Out – a list of blocked IPs and the time remaining until access is unblocked. Here you can unblock any IP address.

After making all the necessary changes, click the “Update Settings” button for them to take effect.
Now access to the site’s control panel will be protected by the plugin and hackers will not be able to use programs to guess passwords.

Website security is a priority when developing a web project, and WordPress security will be no exception. Attempts of unauthorized access to blog management, although not universal, do occur in the life of a webmaster...

To protect your website from blatant hacking by credential guessing, you can limit access to the administrative panel. To do this, you can allow access only from trusted IP addresses, or set a limit on the number of authorization errors.

A popular tool for bloggers in the fight against password guessing is the free plugin Login LockDown. This highly specialized add-on is aimed at tracking authorization attempts, that is, logins to the WordPress console.
A special feature of the plugin is the flexibility of its settings, allowing the administrator to delay each login attempt, limited to a specified number, and then block the attacker (his IP address) for a long time!

Installation and activation

You can install the add-on via FTP access, after first downloading the archive with the plugin from https://wordpress.org/plugins/login-lockdown/,
or go to the “Plugins” section of the admin panel, click “Add new” at the top, then enter the name in the search bar and press “Enter”. Install the first result, and then activate it.

Plugin settings

As previously noted, the number of LoginLockDown options is small and represents only functional parameters. Once activated, the plugin operates with default values, which are preferred by most users.
In the panel, expand the “Settings” section, where you will find the “Login LockDown” item; click it to go to the settings page “Login LockDown Options”:

  1. Max Login Retries – the number of authorization attempts after which the address is blocked. The default is 3 (we do not recommend setting more than 5 attempts).
  2. Retry Time Period Restriction (minutes) – the number of minutes between attempts to log in, by default 2 minutes (it is better to reduce it so that the user can log in again soon).
  3. Lockout Length (minutes) – the number of minutes an IP address stays blocked, by default 120 (2 hours); it can reasonably be increased if the level of danger warrants it.
  4. Lockout Invalid Usernames? – option to disable plugin functions for unregistered names (logins). We enable it at our discretion, since guessing a non-existent login-password pair does not pose any danger.
  5. Mask Login Errors? – option to disable authorization error messages. The user will not be notified whether the username or the password is incorrect.
  6. Show Credit Link? – option to display a link to the plugin’s official website (advertising for the Login LockDown developers). Displayed by default; to disable it, click the third checkbox.
  7. Update settings – button to update the settings; click it at the end to save the changes made.
  8. Currently Locked Out – area with a list of blocked addresses. It is possible to clear the IP for trusted persons who have not gained access to the admin panel.

Instead of an afterword

This way, you can unobtrusively restrict access to the WordPress admin area, ruling out automatic or manual password guessing. The Login LockDown plugin is periodically updated, which indicates compatibility with current versions of the CMS.

02/27/2017 Romchik

Good day. In this article we will look at one of the issues of protecting a website on WordPress, or more precisely protecting the WordPress admin area. To be more precise, let’s look at a plugin that allows you to limit the number of attempts to log into the WordPress admin area. We will install and configure the WordPress Login LockDown plugin.

First, you need to download and install the Login LockDown plugin from the official website. Installing this plugin is not difficult, so we won’t dwell on it.

Let's take a closer look at the setting.

Plugin Features –Login LockDown

The plugin allows you to block an IP address for a while if there have been several unsuccessful login attempts over a certain period of time. What is it for? This is normal protection against brute force (username and password guessing). Here is a real-life example from my blog, a screenshot from the access.log file:

As you can see, a user with IP address 124.104.31.203 is trying to do something on the login page. And he tried to guess the login and password. After several attempts, his IP address was blocked.
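A way to find the same pattern in your own access.log, as an added example (not from the original article). The log lines are constructed, the function name is hypothetical, and it assumes that a failed WordPress login answers the POST to /wp-login.php with status 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in common log format (not the log from the screenshot).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.20 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
192.0.2.44 - - [01/Jan/2024:10:00:11 +0000] "GET /wp-login.php HTTP/1.1" 200 2980
203.0.113.7 - - [01/Jan/2024:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.20 - - [01/Jan/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [01/Jan/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2980
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def failed_login_bursts(log_text, max_retries=3, window_min=5):
    """Return {ip: time the threshold was first reached} for likely failed logins."""
    window = timedelta(minutes=window_min)
    recent = defaultdict(list)   # ip -> timestamps of recent likely failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue             # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        # Assumption: POST + 200 on wp-login.php means the form was shown again
        # after a bad password; GETs and 302 redirects are not counted.
        if method != "POST" or not path.startswith("/wp-login.php") or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits = [t for t in recent[ip] if when - t < window] + [when]
        recent[ip] = hits
        if len(hits) >= max_retries and ip not in flagged:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for ip, when in failed_login_bursts(SAMPLE_LOG).items():
        print(ip, "reached the threshold at", when.isoformat())
```

The default thresholds mirror the plugin settings discussed here, so addresses this reports are the ones the plugin would have locked out.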

Plugin setup – Login LockDown

Go to Settings -> Login LockDown and get to the plugin settings page.

In the first field we indicate the maximum number of incorrect attempts.

In the second field we indicate during what period attempts are taken into account (indicate in minutes)

In the third field we indicate the period in minutes for which we will block the user.

After all the settings, click “Update Settings”

The settings for the Login LockDown plugin, which is used to protect WordPress, are complete.

But, if you noticed, there is another “Activity” tab, which displays blocked IP addresses.

Conclusion

We have configured the Login LockDown plugin, which allows you to protect your WordPress website from brute force attacks.
