I like this plugin and use it on a number of websites I am a webmaster for.
In case it helps, here are some thoughts on how/why I have configured the plugin.
I leave the first 3 entries as default (3,5,60). They seem ideal to me.
I set Lockout Invalid Usernames? to YES. If they don’t know the Username, why are they trying to login? I am careful, so I won’t lock myself out.
I set Mask Login Errors? to YES. Denies useful intelligence to people who are trying to login when they shouldn’t. Why help them?
I set Show Credit Link? to NO. I love helping people – and as it happens it’s my professional work – however telling people about the plugin so they can protect their blogs also tells people who are trying to login when they shouldn’t what security I am using. This is a more minor point, however it also falls under the ‘need to know policy’ – they don’t.
- The topic ‘Useful security plug’ is closed to new replies.