Learn how to use the Login Lockdown plugin for WordPress to secure your WordPress login page. Recently I was concerned about my site's security and was trying to add protection to my login page when I found out about Login Lockdown.
How do hackers usually work?
Do you know that hackers can gain control of your site once they figure out the password to your account? Figuring out the username is easy: if a wrong username is entered, WordPress shows the warning message "Incorrect username". An attacker can guess as many times as they like, and the username is easy to work out for anyone who knows your name.
Finding the password is the harder part, but many tools available on the internet can launch a brute-force attack, repeatedly trying passwords until the right one is discovered.
So, to stop such hackers from repeatedly trying to gain access to your site, you should secure your login page by putting a limit on the maximum number of login attempts coming from one computer.
How does the Login Lockdown plugin for WordPress protect you?
The plugin I am discussing does just that. Login Lockdown observes the logins on the login page. If a hacker enters too many wrong passwords (set to 3 by default; you can change it in the settings), it logs the IP and locks out the intruder's IP address for 1 hour.
You can also lock out incorrectly entered usernames and mask your login errors, so that the hacker can never find out whether a username exists or not! This technique safeguards you from a possible situation where your blog gets hacked or your user accounts are compromised.
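A minimal model of the lockout logic described above, added here as an illustration; it is not the plugin's own code. The threshold of 3 and the 1-hour lockout come from the text, while the 5-minute counting window, the `LoginGuard` class, the sample account and the message wording are assumptions.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILS = 3            # from the page: wrong logins allowed before lockout
LOCKOUT_SECONDS = 3600   # from the page: the IP is locked out for 1 hour
RETRY_WINDOW = 300       # assumption: failures are counted over 5 minutes
GENERIC_ERROR = "Invalid username or password."  # masked: same text for every failure

# Constructed sample account; a real site stores password hashes, not plaintext.
USERS = {"admin": "correct horse battery"}


class LoginGuard:
    """Hypothetical in-memory tracker of failed logins per IP address."""

    def __init__(self):
        self.fails = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}           # ip -> time at which the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, username, password, now=None):
        """Process one login attempt and return (ok, message)."""
        now = time.time() if now is None else now
        if self.is_locked(ip, now):
            # A locked-out IP is refused even if the password is correct.
            return False, "Too many failed logins. Try again later."
        stored = USERS.get(username)
        if stored is not None and hmac.compare_digest(stored, password):
            self.fails.pop(ip, None)     # success clears the failure history
            return True, "Welcome."
        # Unknown usernames and wrong passwords both count as failures.
        recent = self.fails[ip]
        recent.append(now)
        while recent and recent[0] <= now - RETRY_WINDOW:
            recent.popleft()             # forget failures outside the window
        if len(recent) >= MAX_FAILS:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        # Same message either way, so the reply never reveals valid usernames.
        return False, GENERIC_ERROR
```

Passing `now` explicitly makes the behaviour easy to check: three failures from one address within the window lock it for an hour, while other addresses are unaffected.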
Installing the plugin is very simple. Grab it from the official repo, upload it to your blog, activate it, and you are done. In the settings you can lower the number of failed logins it takes to lock out an IP address (the recommended value is 2).
The Trouble with Limit Login Attempts Plugin
Another great plugin for securing your login pages is Limit Login Attempts. But I have had too many troubles with this plugin lately. The most irritating one is that after a failed login attempt it displays a blank warning message (an empty red box). This is because of a possible conflict with the wp-login.php file in the root directory.
This problem has already been raised in the forums but has still not been resolved. This is why I made the switch to Login Lockdown.
Another advantage of the Login Lockdown plugin is that, after you activate it, it creates two tables in your SQL database, namely wp_lockdowns and wp_login_fails. So if you deactivate or delete the plugin in the future and reactivate it later, all the records of IP addresses that were locked out earlier will still be intact.
Remember, the more steps you take to secure your site, the lower the chances that it will get hacked. Stay smart, stay safe!