As always, security and ease of use are a tradeoff. Even though I reduced the security settings on this, my users were not able to log in. One example: many brute-force attempts these days scan WordPress to find the valid usernames, then use that for a BF attack. As a result, my users were required to change their password very often, as the plugin forces the "Forgot password" procedure on them on almost every login.
I think the plugin is very good on a personal blog, and I would use it if we were only technically savvy users on my system.
In the wake of BruteProtect getting absorbed into JetPack, I went looking for a simple login security plugin. This one has a ton of configuration options and will even log a user out after a desired period of time (something I never had with BP). Awesome plugin and it's now part of my standard theme setup.
Works as advertised.
I've been looking through security plugins for WordPress for a long time. You'll find there are plugins that purport to do a lot, and others that are more focused. In any case, you'll find the all-encompassing ones can be more of a headache if settings aren't set quite right for your particular environment, and also quite the resource hit. From my experience, targeting a few specific security tasks with smaller plugins is a better approach. Login Security Solution is one such tool in my arsenal, and I recommend it.
My only complaints are that the user error messages are sometimes confusing to end users. I also wish the plugin allowed for a seven character length password (the same as a default WordPress installation). I've seen the plugin author's rationale for requiring passwords to be a minimum of 10 characters in the forums (simply put, the longer the password the more secure), but it would avoid the headaches that are induced when the default WordPress password hint ("at least 7 characters...") is presented to users, which can and have occurred with changes to the WordPress core or conflicts with other plugins.
All in all, I definitely recommend it, because the benefit outweighs the support-related issues, it works, and I haven't found a better solution.
An efficient security plugin, indeed. But not being allowed to log in as admin with my regular password is a little harsh for me. The only solution I found: deactivate the plugin.
And I am not convinced by the possible reasons given by the plugin's creator.
I installed this plug-in on a client site. It forced me to log in twice due to supposed inactivity, even though I was quite busy doing things on the site. That was enough for me to say bye.
Also, is there a log of activity showing users who are trying to hack in?
Does everything necessary and is simple to use. I recommend creating a second admin account with a strong password which you only use in case of a problem with the plugin to be able to log in and deactivate it.
This plugin, in combination with Rename wp-login.php, has pretty much stopped the login attacks on the 20 sites I manage. I really like that it also protects the xmlrpc.php file and the notifications it sends.
Today I had to change my password twice, first because I logged in on a café network, and then because I logged in at home. Different IPs the same day, and here we go! Forcing me to change my password!
Sorry, but forcing a password change without the option to ignore it or providing extra information regarding the potential attack isn't security. Today, both times it wasn't an attack, and I had to change my password twice....
Tested on [ link redacted, please do not post links in reviews ] and it looks to be the best of all for login security.