Well I have been using this for a while and since I didn't have any issues I could only assume it was working. I was sadly and poorly mistaken. Today my site was under such a heavy brute force attack that my hosting company shut down my site to protect their own servers from crashing. They said I had over 700,000 login attempts in less than an hour. This plugin DOES NOT WORK! DO NOT RELY ON IT!
Leaves a table and settings in your database after deinstallation. Uses the init-Hook to perform on every page call :-(
Doesn't care about the real admin (customer!) knocking at the door while or shortly after an attack has happend.
So please put an .htaccess in your wp-admin folder instead and use HTTP AUTH with a diffent username and password. This is by far the most effective way to prevent admin area hacking in general as well as distributed attacks and probing usually published login names (yes they're published, even if not visible - look into the HTML).
Hope this helps!
You must log in to submit a review. You can also log in or register using the form near the top of this page.