Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
As always security and ease of use is a tradeoff. Even though I reduced the security settings on this my user where not able to login. One example: Many bruteforce attempts these days scans wordpress to find the valid usernames, then use that for BF attack. As a result my users was required to change password very often as the plugin forces "Forgot password" procedure on them on almost every login.
I think the plugin is very good on a personal blog, and I would use it if we were only technical savvy users on my system.
An efficient security plugin, indeed. But facing the case to not be allowed to log in as admin with regular password is a little harsh for me. The only solutin I found: desactivate the plugin.
And I am not convinced by the possible reasons given by plugin's creator.
I installed this plug-in on a client site. It forced me to login twice due to supposed inactivity, even though I was quite busy doing things on the site. That was enough for me to say bye.
Also, is there a log of activity showing users who are trying to hack in?
Today I had to change my passwords twice, first because I logged-in on a café network. And then because I logged-in at home. Different IPs the same day, and here we go! Forcing to change password!
Sorry, but forcing to change a password without the option to ignore or providing extra information regarding the potential attack isn't security. Today, both times wasn't an attack, and I had to change my password twice....
It's a tough plugin - no doubt. Within minutes of installing this plugin on my site, I was notified of an attempted intrusion. Good job!
Day 2: I try to log in to my own site (mind you, I did NOT choose to force resets on the passwords) and not only was I denied the ability to log in and forced to create a new PW ... but NOTHING I have attempted as a new password is secure enough to be accepted.
I can't log in to my own site!
The security part works great - the password part ... not so much. I highly recommend staying away from this plugin until they add a "human friendly" option. The password requirements and enforcement is just too stringent.
You must log in to submit a review. You can also log in or register using the form near the top of this page.