Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
Before installing this plugin, read the FAQ!
If your WP install is behind a proxy or load balancer, please be aware
that this plugin uses the
REMOTE_ADDR provided by the web server
(as does WordPress' new comment functionality and the Akismet plugin).
If you want our brute force tracking to work, we advise adjusting your
wp-config.php file to manually set the
REMOTE_ADDR to a data
source appropriate for your environment. For example:
$_SERVER['REMOTE_ADDR'] = preg_replace('/^([^,]+).*$/', '\1', $_SERVER['HTTP_X_FORWARDED_FOR']);
Download the Login Security Solution zip file from WordPress' plugin
Unzip the file.
Our existing tests are very effective, catching all of the 2 million entries in the Dazzlepod password list. But if you need to block specific passwords that my tests miss, this plugin offers the ability to provide your own dictionary files.
Add a file to the
pw_dictionaries directory and place those passwords
in it. One password per line.
Please be aware that checking the password files is computationally expensive. The following script runs through each of the password files and weeds out passwords caught by the other tests:
If your website has a large number of non-English-speaking users:
See if a keyboard sequence file exists in this plugin's
pw_sequences directory for your target languages. The following steps
are for left-to-right languages. (For right-to-left languages, flip the
direction of the motions indicated.)
If a translation file for your language does not exist in this
languages directory, add one. Read
details. The files must use UTF-8 encoding. Send me the file and
I'll include it in future releases. See the features request
The last step of the new password validation process is checking if
the password matches an entry in the
dict program. See if
is installed on your server and consider installing it if not.
login-security-solution directory to your
Activate the plugin using WordPress' admin interface:
Adjust the settings as desired. This plugin's settings page can be reached via a sub-menu entry under WordPress' "Settings" menu or this plugin's entry on WordPress' "Plugins" page. Sites using WordPress' multisite network capability will find the "Settings" and "Plugin" menus under "My Sites | Network Admin".
Run the "Change All Passwords" process. This is necessary to ensure all of your users have strong passwords. The user interface for doing so is accessible via a link in this plugin's entry on WordPress' "Plugins" page.
Ensure your password strength by changing it.
Login Security Solution provides hooks in critical methods, allowing you to add custom behaviors.
Requires: 3.3 or higher
Compatible up to: 4.1.1
Last Updated: 2015-3-15
Active Installs: 20,000+
3 of 4 support threads in the last two months have been resolved.
Got something to say? Need help?