Login Security Solution ensures that brute force attempts to guess your user name and password are stopped.
Why Login Lockdown Is Important
Login Security Solution keeps an eye out for failed login attempts. If someone tries to log in too many times with a wrong user name/password combination this plugin will slow down response times.
This will make a brute force attack impossible.
At the same time the plugin allows legitimate users multiple login attempts without blocking them if they have forgotten their password.
This an effective way to stop user name/password guessing without creating problems for legitimate users.
Other security functions added by this plugin:
Password strength is enforced.
Users have to use strong passwords.
Password aging can be enabled.
Users are forced to change passwords after a configurable period of time.
All users can be forced to change passwords.
The administrator can require users to change their passwords next time they login.
Idle sessions can be logged out after a configurable amount of time.
Note! Please read the Recommendation before you install this plugin.
How You Complete This Security Checkpoint
Add and Activate the plugin.
Depending on your situation require all users to change passwords or disable the reminder.
If you have many users on your site changing passwords can be a good idea to ensure they all have strong passwords.
Most of the default settings are fine.
There are a couple of settings you might want to adjust.
Email notifications about brute force attacks: By default the administrator will receive an email if anyone tries to login to your site.
In the Notifications To field you can optionally enter a different email address.
To disable email notifications set Failure Notification to 0.
You can change the settings for Idle Timeout.
We find the default settings are a bit low, and recommend you set it to 60 or 120 (1 or 2 hours).
If you are the only person using the administrative interface you can disable the timeout by setting the value to 0.
We recommend that you use the Wordfence Security plugin. This plugin also provides protection against brute force attacks, but it does not enforce password strength or allow you to reset all user passwords.
Do you have user registration enabled on your site?
Or do you allow other people to contribute content to your site using their own logins?
If you answered yes to one of those questions we recommend that you use Login Security Solution in addition to Wordfence to strengthen your user management.
If you are the only person logging in to your WordPress site you do not need to use the Login Security Solution – Wordfence will be fine. Of course you still need to use a good password management solution with strong passwords – see Password Management.
Please leave them below. Thanks!