WordPress: Limit Login Attempts vs Login Lockdown
2 Attachment(s)
I've been asked multiple times which of these WordPress login security plugins is "best".
Generally speaking, I prefer to use Limit Login Attempts --- not Login Lockdown. For whatever reason, the latter one seems to have a popular following, but as is the case with many popular WordPress plugins, I don't think it has any basis in quality. Search Google for "login lockdown" and notice that the next suggested/common search is for "login lockdown exploit". That's not good. :eek: Attachment 2303 Additionally, I've seen Login Lockdown fail several times in the past. It's no longer officially supported, and most replacements are either weak (Simple Login Lockdown), or part of some all-inclusive all-in-one so-called "security" plugin. And the all-in-one method is just a bad/dumb approach to security. One of the benefits of Limit Login Attempts, which is still current with the 3.x branch of WordPress, is the ability to send emails to the admin, when too many failed attempts have occurred. Attachment 2302 For example, this was a recent email sent to me about a site: Code:
16 failed login attempts (4 lockout(s)) from IP: 193.105.240.173 Code:
Return-Path:<server@hostname> Additionally, there's no user named "admin" on any WordPress sites I run. That would be unsafe. |
Site design, images and content © 2002-2024 The Digital FAQ, www.digitalFAQ.com
Forum Software by vBulletin · Copyright © 2024 Jelsoft Enterprises Ltd.