#1  
02-06-2012, 10:08 PM
lordsmurf's Avatar
lordsmurf lordsmurf is online now
Site Staff | Video
 
Join Date: Dec 2002
Posts: 13,501
Thanked 2,447 Times in 2,079 Posts
I've been asked multiple times which of these WordPress login security plugins is "best".

Generally speaking, I prefer to use Limit Login Attempts --- not Login Lockdown. For whatever reason, the latter one seems to have a popular following, but as is the case with many popular WordPress plugins, I don't think it has any basis in quality.

Search Google for "login lockdown" and notice that the next suggested/common search is for "login lockdown exploit". That's not good.

loginlockdown.jpg

Additionally, I've seen Login Lockdown fail several times in the past. It's no longer officially supported, and most replacements are either weak (Simple Login Lockdown), or part of some all-inclusive all-in-one so-called "security" plugin. And the all-in-one method is just a bad/dumb approach to security.

One of the benefits of Limit Login Attempts, which is still current with the 3.x branch of WordPress, is the ability to send emails to the admin, when too many failed attempts have occurred.

You must be logged in to view this content; either login or register for the forum. The attached screen shots, before/after images, photos and graphics are created/posted for the benefit of site members. And you are invited to join our digital media community.


For example, this was a recent email sent to me about a site:

Code:
16 failed login attempts (4 lockout(s)) from IP: 193.105.240.173
Last user attempted: admin
IP was blocked for 24 hours
Code:
Return-Path:<server@hostname>
From: "Site" <no-reply@site.com>
To: <admin@site.com>
Subject: [Site Name] Too many failed login attempts
Date: Sun, 5 Feb 2012 16:51:46 -0600
Message-ID: <df052e1665d57eb03742bbd46f6f4208@site.com>
MIME-Version: 1.0
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3664
X-OlkEid: BDE410203A9F6D4B4520D943B805D2904D647BE6
X-PHP-Script: www.site.com/wp-login.php for 193.105.240.173
This is a multi-part message in MIME format.
193.105.240.173 = Latvia
Additionally, there's no user named "admin" on any WordPress sites I run. That would be unsafe.



- Did my advice help you? Then become a Premium Member and support this site.
- For sale in the marketplace: TBCs, workflows, capture cards, VCRs
Reply With Quote
Someday, 12:01 PM
admin's Avatar
Ads / Sponsors
 
Join Date: ∞
Posts: 42
Thanks: ∞
Thanked 42 Times in 42 Posts
Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
How to use cPanel/WHM cPHulk to block unwanted login attempts> kpmedia Web Hosting 4 03-28-2014 09:15 AM
Login problems with IMAP, CentOS Plesk 9 [solved] kpmedia Website and Server Troubleshooting 2 04-29-2010 05:21 PM
HTML login code like vBulletin for a website ? JonathanEntertainment Website and Server Troubleshooting 3 01-21-2010 07:11 PM
Wordpress wp-admin login loop [SOLVED] admin Website and Server Troubleshooting 0 10-08-2009 02:20 PM
Having login trouble? (IE5,IE6) Here’s the fix... admin General Discussion 0 04-19-2004 03:32 PM

Thread Tools



 
All times are GMT -5. The time now is 06:18 AM