Seems to work fine, but...
I have a WP site that I almost *never* need to login to (maybe a few times a year) and I was still seeing a lot of bot attempts, so I stopped using this and simply added 'exit;' after the opening PHP tag in the wp-login.php page.
This basically kills the login page dead and prevents ANY login, even legitimate ones. Yes, it's crude, but it stops 100% of ALL login attempts cold.
If I need to login, I ftp in, remark out the 'exit' command and login. Yes, it's a little bit more cumbersome but for a site that is almost never logged in to it works perfectly.
Works just as described. I see no reason for anybody to give this plugin a low rating.
Reduces frequency of brute-force attack on any WordPress site were it is installed and enabled.
This plugin just works like a charm. Also the customized page to redirect our lamers it's a great idea. Thanks and congrats.
Another of my must-have plugins for basic WordPress hardening, this plugin stomps brute-force attacks.
I really like this plugin. I use it with the Recaptcha and it stopped all the unwanted login attempts I was receiving.
Works great--much more secure to have that extra sign-in code. Very simple to set up too!
It does his job.
Installed this plugin while my site was brute force login attacked to thwart the bots. The bots were trying the user names "admin", "test" and <mydomianname> without the .com and originating from IP addresses worldwide at 10 to 15 attempts per minute. Luckily I don't use any of those weak logins and have very long random passwords.
The plugin is small, uncomplicated to use and there's no bypassing it. The failed login redirect is nice to send traffic back to the bots and tie up their bandwidth.
You must log in to submit a review. You can also log in or register using the form near the top of this page.