Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
I've been looking through security plugins for WordPress for a long time. You'll find there's plugins that purport to do a lot, and others that are more focused. In any case, you'll find the all encompassing ones can be more of a headache if settings aren't set quite right for your particular environment and also quite the resource hit. From my experience, targeting a few specific security tasks with smaller plugins is a better approach. Login Security Solution is one such tool in my arsenal, and I recommend it.
My only complaints are that the user error messages are sometimes confusing to end users. I also wish the plugin allowed for a seven character length password (the same as a default WordPress installation). I've seen the plugin author's rationale for requiring passwords to be a minimum of 10 characters in the forums (simply put, the longer the password the more secure), but it would avoid the headaches that are induced when the default WordPress password hint ("at least 7 characters...") is presented to users, which can and have occurred with changes to the WordPress core or conflicts with other plugins.
All in all, I definitely recommend it, because the benefit outweighs the support related issues, it works, and I haven't found a better solution.
An efficient security plugin, indeed. But facing the case to not be allowed to log in as admin with regular password is a little harsh for me. The only solutin I found: desactivate the plugin.
And I am not convinced by the possible reasons given by plugin's creator.
I installed this plug-in on a client site. It forced me to login twice due to supposed inactivity, even though I was quite busy doing things on the site. That was enough for me to say bye.
Also, is there a log of activity showing users who are trying to hack in?
Does everything necessary and is simple to use. I recommend creating a second admin account with a strong password which you only use in case of a problem with the plugin to be able to log in and deactivate it.
This plugin, in combination with Rename wp-login.php has pretty much stopped the login attacks on the 20 sites I manage. I really like that it also protects the xmlrpc.php file and the notifications it sends.
Today I had to change my passwords twice, first because I logged-in on a café network. And then because I logged-in at home. Different IPs the same day, and here we go! Forcing to change password!
Sorry, but forcing to change a password without the option to ignore or providing extra information regarding the potential attack isn't security. Today, both times wasn't an attack, and I had to change my password twice....
Tested on [ link redacted, please do not post links in reviews ] and it look to be the best of all about login security.
Good plugin, I translated it into Italian.
If any body interested I give you mo and po files.
Implemente el pluging de seguridad en servipo.com.uy y la verdad que hasta el momento eh quedado contenido con la funcionalidad del mismo ya que tiene una interfaz fácil de utilizar y parece ser muy eficiente en cuando a seguridad y vigilancia.
I SALUTE YOU, Using multisite.
Right now I'm not able to reset my password, but I will figure out something.
Please let me know if I could help u anyway with the test or something.
MANY MANY MANY Thanks
You must log in to submit a review. You can also log in or register using the form near the top of this page.