A SaaS based solution for protecting against brute force attack on WordPress based sites and a simple way to enable strong password authentication for the admin account, without using HW tools.
For more information, check out LoginWall.com.
Adding time elements to the passwords to make brute-force attacks and even key-loggers useless. Blocking brute-force/dictionary attacks without blocking legitimate traffic. Alerting administrators from brute-force attacks. Providing extra security measures even when a simple password is in use.
Why use LoginWall’s password?
The security threat report of 2013, made by SophosLabs, states that around 25,000 legitimate websites are infected daily with malware, which in turn, infects the visitors of these sites…
Protecting your visitors from getting infected by your site is protecting your site from a malicious break in. And the easiest way to break into a web site, is by hacking the admin password.
LoginWall’s password is the way to block hackers from getting your admin password, which usually takes no more than a day or two, using brute force tools.
Integrating LoginWall authentication with WordPress is very simple. Follow these quick installation steps:
Install using the WordPress Gallery for the easiest installation or download, unzip and upload the LoginWall files to your /wp-content/plugins/ directory.
Please make sure you know your admin username before installation – auto complete will stop working
From your WordPress dashboard, activate LoginWall WordPress plugin.
You will get an email with all the details that were filled in the LoginWall WordPress plugin settings.
Change your password to LoginWall password (from LoginWall settings page) to get better protection.
Log out of your WordPress account. When you log back in, you’ll be prompted to insert your LoginWall password.
- Who is this plugin for?
For just about anyone who cares about their site’s security and doesn’t want to get hacked
- What is the recommended length of a LoginWall password?
Password should always be as long as you can. With LoginWall password, you can choose a 5 character password with at least one pause.
- Is there a minimal number of stops/characters in a LoginWall password?
The minimal number is 2 characters with 1 pause, but we don’t recommend to use such short passwords.
- Does stops after the last password character count?
No. Only pauses between characters count as a stop
- What additional security measures will I get by using LoginWall solution?
Your WP admin account will have very strong password, in addition to brute force protection for all users.
- How do you protect your password file?
Your password is safe. We don’t save your password in our database, only a hashed key of the password and time element so even if someone hacked into our database your password cannot be retrieved.
- What if I forget my LoginWall password?
No problem. You can reset your password. Just click “Lost your password?” on your wordpress login page and you will get an email with instructions on how to generate new LoginWall password.
- Can I change the set of shown photos from egg-chick-chicken to another set of photos?
You will have the ability to change the pictures in your dashboard at LoginWall web site very soon.
- Can I change the speed in which the photos change?
You will have the ability to change the speed of the pictures in your dashboard at LoginWall web site very soon.
- Can I set a LoginWall password just for the admin account or is it possible to set it to all the site users?
Currently, this free version is only for admin accounts. LoginWall will protect all admin users in your site with a LoginWall password. All other users are protected against brute-force attack.
Hacker installed this plugin, and then from what I can gather, somehow used it to blast our server with invalid SSH login attempts. Ate up all of the server’s RAM and all sites stopped responding. Had an entire 2 days of downtime for 7 sites.
This plugin mysteriously found its way onto my site around the same time that my site went down and just displayed LOADS of adverts for Nike Air Jordans.
Definitely a hack.
My website’s wp_options table was spammed and finally crashed to white screen of death. Only apparent clue is that there were two instances of this Login Wall -plugin on my WordPress installation. They have appeared from nowhere at the same time that my site went down. Now I’m struggling to get the site working again and my content restored.
Please WP admins / Professionals, do something about this! 🙁
I have been tracking the source of a mysterious installation of this plugin on a site I manage. It has occurred several times over the last weeks and I finally traced it to the site having been breached. The hacker has gained one of the admin credentials and seems insistent on installing Login Wall plugin amongst other things. The last instance was sourced at IP address 220.127.116.11 in China.
Contributors & Developers
“LoginWall for WordPress (Beta)” is open source software. The following people have contributed to this plugin.Contributors
Interested in development?
= Beta 0.1.1
- Auto create LoginWall account
- Show messages on the Admin area
- Initial Beta release!
- LoginWall Password for Admin users
- Brute-force protection