This plugin is easy to install and set up, and works great.
With all the hack-rats out there running bots that scan for WP-Login and WP-Admin so they can start pounding sites with brute force attacks and sql injection attempts targeted at the login screen, you can save yourself a massive layer of headaches and alleviate some pressure on your server with this one simple, elegant little plugin. I've been installing it on all the 3.9+ sites I manage, and it works like a charm. I'll add that it doesn't interfere with WordFence security (I'm not sure about other firewalls), and the two working together in combination go a long way toward hardening your site against the most common attacks.
The one incompatibility I've noticed is with Woo Commerce, but it's not a deal-breaker. On the WooCommerce sites I run, when Lockdown redirects from WP-Login or WP-Admin to a 404 Page Not Found page, some php errors get thrown and the css breaks. This can be partially remedied by making sure you're not showing php errors (there are good instructions for this in the WP Codex), but it should eventually be addressed by the developer. Sean, any chance you might take a look at this sometime soon?
Easy-to-use and works like an e-deadbolt!
Another plugin that should be integrated as part of WP core!!!
I've been using the "Limit Login Attempts" plugin for the past 3~ years, along with various .htaccess files.
Last week I put a new theme online, replacing my first.
Started a new database, better permalink and no more Year/Month folders.
Installed this plugin about 4 months ago, on my old site. It has made my login screen completely invisible and hidden - from any person who is on the internet.
NSA notwithstanding... :)
There seems to be a fair number of plugins, that try to handle similar issues, but this is a major security solution.
One could just about go back to using Admin and Password - to login again... :)
PS: I've been going to cPanel a fair amount lately and doing stuff in phpMyAdmin. But a few days ago I was looking at the cPanel options and happened to see the File Manager. This was going to be my first time using it.
Checked out all the folders. Most were empty. There were a couple which were related to 'mail' and they were NOT empty.
Looked inside and discovered that there were thousands and thousands of notices of hack attempts - which were generated by the "Limit Login Attempts" plugin. The average was maybe 300/day (12 per hour). This data went back about 3 years. And apparently ended when I started to use this "Lockdown WP Admin" plugin.
It then took over two hours - to slowly go thru all this historical data and select a group, press Delete, and then wait for the slow Refresh. And on and on - it went. Finally all of those entries were removed...
Who knew... !
This plugin does exactly what I wanted! HTTP auth is a bonus. Highly recommended!
I am getting an error when i change the link and then open that login link i get this error
Cannot redeclare login_header() (previously declared in /home/websgfx/mysite.net/wp-login.php:41) in /home/websgfx/mysite.net/wp-login.php on line 147
Very good and easy to use tool!
- For those people who say it does not work -> RTFM
- For those people who say they still get login attempts after they changed ****/wp-admin to ***/admin or ***/login. You deserve to be hacked ... or change it to something not so obvious ;-) LOL
Tolles und einfaches Plugin. Hier findet ihr mein Review zu Lockdown WP sowie weitere Tipps für mehr Sicherheit.
Tried a few things, including modifying the .htaccess files but this one works a treat!
I installed and within minutes my login page was changed. This is a big leap in security, preventing hackers from even having the chance to try to login. GREAT plugin!!! EXCEPTION: As of this release, it does NOT work where WordPress is in a subdirectory and redirected from root directory - a common installation. However, it works well when WordPress is installed in the root. I do hope the other issue is resolved soon.
However, this plugin is so good that I had one site installed in a subdirectory and I rebuilt it to the root just so I could use this plugin. Yes, it's that good. I have other plugins for locking IP addresses and the like, but this one virtually eliminates the need. I have not had even one hack attempt since installing.
Here is an error. When we use HTTP Authentication using Lockdown wp admin then it works not only for wp-admin but also for front end website. This is very bad. I even used fresh copy of worpress 3.5.1 but I got same issue. Please resolve it asap.
You must log in to submit a review. You can also log in or register using the form near the top of this page.