The backend login page is, like any door, the main focus of "brute force" attacks on a WordPress site. This implies that since all WordPress share the URL mysite.com/wp-admin/, hackers employ bots that systematically search for this address and then proceed to enter usernames (eg: admin) and typical passwords (or not so) to gain access to our site and take control of it.
WP Login Lockdown is the plugin that comes to protect our website with various tricks up its sleeve. In this note we are going to show you how to get the most out of it easily so that you leave your site safe from this kind of criminals.
What is WP Login Lockdown?
WP Login Lockdown is a component for WordPress focused on everything related to the login page back end (read /wp-admin/). Broadly speaking, it has two great virtues. First, the ability to limit the number of failed login attempts from a specific IP address. This prevents brute force attacks because when the password (or the number we specify) is wrong three times, the person (or robot) is blocked by its Internet identification number (IP). Second, but not least, WP Login Lockdown allows you to change the path or URL of the login page; that is, instead of /wp-admin/ we can give it another name. For example, mysite.com/puertasecreta/ (and so clearly mysite.com/wp-admin/ ceases to exist as a possible URL). We will see these and the rest of its benefits below.
Benefits of WP Login Lockdown
WP Login Lockdown puts at our disposal a range of characteristics that make it the most convenient tool to protect our WordPress with a handful of clicks.
We will very easily understand what each thing does and why. Thus, it is possible to decide immediately if said configuration or tool is useful for us, or if we intend to modify some factory value or not.
Number of login attempts
WordPress allows an unlimited number of login attempts, making life easier for hackers. WP Login Lockdown allows us to establish a limit that, when exceeded, the IP address of the third party is blocked.
WP Login Lockdown allows us to adjust the lockdown time for those who exceed the maximum number of attempts. The attacker will not be able to access the login page for the specified time, defeating their intent.
IP black/white lists
WP Login Lockdown allows you to add specific IPs as well as secure (white) or insecure (black). Whitelisting ensures that an IP is not blocked (even if the attempt limit is exceeded). The black list means that an IP can never enter.
Suspicious or directly criminal activities are not only recorded by WP Login Lockdown but are also reported to the email address of our choice.
Custom lock message
WP Login Lockdown allows us to write a message that is displayed when the user is blocked. This can help deter hackers, but it also alerts legitimate users that their IP address has been blocked.
WP Login Lockdown Quick Guide
Below we present two screenshots of WP Login Lockdown explaining with arrows and captions what each thing does. With these captures, it is undoubtedly possible to carry out the most basic and even advanced defense actions. Clicking on the explanatory images allows you to view them in full screen.
Duplika includes WP Login Lockdown PRO in its services WordPress Plus and Managed
the section Tools (tools) offers some functions that can be very useful as well.
The first option, Email Test, controls that we can effectively receive emails from the plugin through our WordPress (remember that WP Login Lockdown reports are sent by email if we wish).
Recovery URL It is a secret address (only we should know it) to access the Back-End of our WordPress in case we have been blocked ourselves due to a wrong password.
Finally, import Y Export It does what is typical of these plugins, which is the possibility of importing and exporting all the configurations in case we want to move them to another site of ours or have them as a backup.
on the flap activities, as we can infer, we will find the complete record of all the invalid access attempts and, in addition, the IPs that were blocked.
On your side, Firewall it supports some more complex configurations that we don't recommend touching. We believe that the first two catches they are more than enough to protect our site. Therefore, we will only customize the options behind the tab Firewall if we know why we are doing it.
Yes: through the flap Country Blocking it is possible to completely block one or more countries.
WP Login Lockdown is a close friend of web design. It honestly offers more customization options than the vast majority of plugins we've reviewed in Duplika's history. As we see in the screenshot above, if we want to modify any aspect of the tool (or the login page) we are free to do so.
In the screenshot above we see the tool Temp Access, which can be extremely useful for certain particular occasions. Here we can create a temporary web address to share with third parties, while configuring its duration in time. An hour, a day, 15 days, a month or a year, the time we want. But after this, the access link to the back-end expires.
What are the differences between the free version and a paid one?
As always, the components that are offered for free reserve more advanced features for their PRO version. We can find a comparative table of characteristics between all the plans offered here.
WP Login Lockdown is an excellent plugin when it comes to preventing attacks. It greatly improves the native security of WordPress sites by restricting login attempts and blocking unwanted access. No less important: it also allows you to change the default web address of the access form to our back-end. So, we can say that WP Login Lockdown provides several additional layers of protection against hackers and other malicious actors.
Its interface is very easy to use, and the settings are very customizable. This component adapts to any basic or complex need. By limiting the number of login attempts and blocking suspicious IP addresses we certainly prevent intruders from gaining access to our site.
We appreciate reading, inviting you to leave your impressions in the comments section below. Success, and take care of our content!
We take care of the maintenance of your site
We include WP Login Lockdown in our WordPress Plus and Managed service