Protect your dashboard without editing the .htaccess file -- the FIRST one that completely blocks remote bot login requests.
It does his job.
Installed this plugin while my site was brute force login attacked to thwart the bots. The bots were trying the user names "admin", "test" and <mydomianname> without the .com and originating from IP addresses worldwide at 10 to 15 attempts per minute. Luckily I don't use any of those weak logins and have very long random passwords.
The plugin is small, uncomplicated to use and there's no bypassing it. The failed login redirect is nice to send traffic back to the bots and tie up their bandwidth.
Thanks for this plugin.
Great plugin to add to your security arsenal.
Although the cloaked URL feature isn't there, the other features are still well worth having on your site. The authentication field in particular is brilliantly executed. Many thanks!
Since the last update the cloaked url's are suddenly missing. This function was the main reason for installing this plugin. In my opinion it is a great security measure that people have difficulty with finding the correct login url. I would really like the cloaked url function to return again!
Game changer....really? I liked the old masked URL's better, that was a game changer.
This passcode/pincode thing is definitely NOT a game changer. I use Google Authenticator and Login Lockdown to take care of this. Google Authenticator will at least change the pincode every 30 seconds. This plugin has now become more noise in the WordPress Repository.
Please bring back the masked .wp-login.php feature.
Very pleased with this. I set it so it sends any errors to a malware site. I like that it gives no warning. So easy and so effective.
Before the last update, the login url was completely masked. It kept most login attempts by botnets outside. Which was really good. Now, you are required to fill in a passcode (like Google Authenticator, only the code stays the same for ever, until you change it).
Would be awesome if I as the admin could use both the masked url as well as the passcode. I know, this only provides basic security, but hey.. it worked before. Now most botnets will try anyways, which I don't want them to.
This plugin worked fine until I updated it today. After the update, I was locked out of my blog and had to go into htaccess and disable all my plugins to get back in. Any fixes on the horizon?
You must log in to submit a review. You can also log in or register using the form near the top of this page.