Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
An efficient security plugin, indeed. But facing the case to not be allowed to log in as admin with regular password is a little harsh for me. The only solutin I found: desactivate the plugin.
And I am not convinced by the possible reasons given by plugin's creator.
I installed this plug-in on a client site. It forced me to login twice due to supposed inactivity, even though I was quite busy doing things on the site. That was enough for me to say bye.
Also, is there a log of activity showing users who are trying to hack in?
Today I had to change my passwords twice, first because I logged-in on a café network. And then because I logged-in at home. Different IPs the same day, and here we go! Forcing to change password!
Sorry, but forcing to change a password without the option to ignore or providing extra information regarding the potential attack isn't security. Today, both times wasn't an attack, and I had to change my password twice....
It's a tough plugin - no doubt. Within minutes of installing this plugin on my site, I was notified of an attempted intrusion. Good job!
Day 2: I try to log in to my own site (mind you, I did NOT choose to force resets on the passwords) and not only was I denied the ability to log in and forced to create a new PW ... but NOTHING I have attempted as a new password is secure enough to be accepted.
I can't log in to my own site!
The security part works great - the password part ... not so much. I highly recommend staying away from this plugin until they add a "human friendly" option. The password requirements and enforcement is just too stringent.
You must log in to submit a review. You can also log in or register using the form near the top of this page.