WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] How to Get BPS to be Compatible with UppSite Plugin (6 posts)

  1. sweetmelody
    Member
    Posted 2 years ago #

    I have installed UppSite Plugin http://wordpress.org/extend/plugins/app-your-wordpress-uppsite/ to create mobile apps for my WP websites. However, users are unable to comment from the apps due to BPS redirection protection. When users attempt to login from the apps, this error message - 'Bad Username or Password' will show.

    Kindly help, thank you!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Can you give me specific details about this >>> "...due to BPS redirection protection" and the exact scenario on how the problem is occuring. ie user does this, then this occurs, then this is what i see. How did you come to the conclusion that it is a redirect problem. I will put this plugin in testing once I have that info. And I have to ask if you tested logging in yourself and this same problem is occurring. Thanks.

  3. sweetmelody
    Member
    Posted 2 years ago #

    Sorry, after a further investigation, I have discovered the problem is due to Lockdown WP Admin plugin and not BPS. Nevertheless, I have a question: is it necessary to hide wp-login.php if we are using BPS?

    Thank you very much and Merry Christmas!

  4. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Trying to hide things is really not the most effective security approach. You can easily hide things from human visitors, but Bots will not be fooled by trying to hide something. What is the best security approach to protect against brute force dictionary cracking attacks on your login page is to limit the number of failed login attempts.

    There are several login plugins that allow you to limit the number of failed login attempts to a number of failed login attempts that you pick and will then automatically lock that user account from being able to try and login for an amount of time you specify. Example: 5 failed login attempts locks that user account from being able to attempt to login for 24 hours.

    Obscurity is an effective method of security protection and in the case of login pages choosing an obscure Admin login username is how that is best acheived. Be sure to make the displayed Admin name in comments different from your actual Admin login username. ;)

  5. sweetmelody
    Member
    Posted 2 years ago #

    Thank you very much for the great advice! Happy Christmas eve! :D

  6. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Very welcome. Merry X-mas!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic