digitalFAQ.com Forum - WordPress: Limit Login Attempts vs Login Lockdown

I've been asked multiple times which of these WordPress login security plugins is "best".

Generally speaking, I prefer to use Limit Login Attempts --- not Login Lockdown. For whatever reason, the latter one seems to have a popular following, but as is the case with many popular WordPress plugins, I don't think it has any basis in quality.

Search Google for "login lockdown" and notice that the next suggested/common search is for "login lockdown exploit". That's not good. :eek:

Attachment 2303

Additionally, I've seen Login Lockdown fail several times in the past. It's no longer officially supported, and most replacements are either weak (Simple Login Lockdown), or part of some all-inclusive all-in-one so-called "security" plugin. And the all-in-one method is just a bad/dumb approach to security.

One of the benefits of Limit Login Attempts, which is still current with the 3.x branch of WordPress, is the ability to send emails to the admin, when too many failed attempts have occurred.

Attachment 2302

For example, this was a recent email sent to me about a site:

Code:

16 failed login attempts (4 lockout(s)) from IP: 193.105.240.173

Last user attempted: admin

IP was blocked for 24 hours

Code:

Return-Path:<server@hostname>

From: "Site" <no-reply@site.com>

To: <admin@site.com>

Subject: [Site Name] Too many failed login attempts

Date: Sun, 5 Feb 2012 16:51:46 -0600

Message-ID: <df052e1665d57eb03742bbd46f6f4208@site.com>

MIME-Version: 1.0

X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3664

X-OlkEid: BDE410203A9F6D4B4520D943B805D2904D647BE6

X-PHP-Script: www.site.com/wp-login.php for 193.105.240.173

This is a multi-part message in MIME format.

193.105.240.173 = Latvia
Additionally, there's no user named "admin" on any WordPress sites I run. That would be unsafe.