Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.
I just got an email (tip) from Laura Betterly today.
She advised everyone who has a WP installation to get this plugin. Of course, I have been using it on all my installs for many months and as pointed out by nearly everyone on this forum, it works without flaw.
I also agree that it should be part of the WP core but since it's not, it's doing just fine as a standalone plugin.
I highly recommend this plugin for anyone who wants to keep their WP installation safe and as Laura and other here have pointed out, stop using admin as a username.
Doing that in combination with this plugin will thwart 90% of attacks especially by humans.
If their mission is to gain access to your dashboard, they will find themselves in a bit of a box when the obvious admin username try fails.
If you leave the plugin as configured, they will only have 3 more 'at bats' which they will quickly waist and expose themselves as hacker who should be IP banned (I do as soon as I get their IP from the log).
Good plugin, life!
There's a reason why this plugin is mandatory for some hosting providers. It prevents brute force attacks very well. I think it should be moved into core!
Very happy with the free version. Does everything it says, and has a clear interface.
I kept seeing attempts at brute forcing one of my sites the other day, searched and found this plugin. It has stopped attempts on 2 sites.
And I agree with jwheck - don't use "admin" as a username.
My blog gets about a dozen attempted break-ins a month. It's humbling to know that people would want to break into my site. On the other hand, it's scary to see how many attempted break-ins I get even for my small site. I like the email notifications I can set up for myself.
Lots of security plugins, but for the most common hack, this is simply sublime.
Great, invaluable, is on my list of default plugins has stopped many attacks. It is also wise to change the default username from 'admin' as since installing this I have realised how many, pathetic, brute force attacks go on. I originally installed it after being hacked by a teenager from Algeria - I guess it keeps him off the streets.
Several sites had been hacked, so I cleaned up everything, and the main change I made was change the admin passwords. Then I installed this tool. Within 24 hours I got a notice that an IP from the Ukraine had been blocked.
This should be part of core, it's just good common sense.
You must log in to submit a review. You can also log in or register using the form near the top of this page.