ISS Class Project # 2 – Block Brute-Force Attacks
Use the WordPress plugin “Login Lockdown” to stop malicious hackers from “guessing” your admin password (Dashboard /wp-admin).
DESCRIPTION:
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
STEPS:
- Log in to your Dashboard (http://www.yourdomain.com/wp-login.php).
- On the left sidebar, click on the down arrow next to the “Plugins” menu to expand.
- Click on “Add New.”
- Type in Login Lockdown in the search box and click “Search Plugins.”
- Click “Install Now.”
- Click “OK” to install plugin.
- Click “Activate Plugin.”
- From the left sidebar, click the right arrow next to the “Settings” menu to expand. Then click “Login Lockdown” to open the settings options.
- Set your desired settings (see example image below).
  * Max Login Retries = how many times a wrong password may be entered before the lockout triggers.
  * Retry Time Period Restrictions (minutes) = the time window in which those retries are counted. (Example: 3 wrong login attempts in 5 minutes.)
  * Lockout Length (minutes) = how long the IP address range is locked out before it can attempt to log in again. (Example below: 1440 = 24 hours.)
  * Lockout Invalid Usernames? = also locks out attempts that guess non-existent usernames.
  * Mask Login Errors? = hides the specific failed-login errors like “Wrong Username” or “Wrong Password.” By default, WordPress prints these on the screen, which tells whoever is guessing which half of the credential was wrong.
- Click the “Update Settings” button to save your settings.
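The lockout policy described above (count failed logins per IP range inside a sliding window, lock the whole range for a fixed time, optionally mask the error text), written out as a small Python model so the effect of each setting can be seen on constructed input. This is an added example, not the plugin's own code; it assumes an IPv4 /24 as the "IP range", that a lockout clears the failure counter, and that with "Lockout Invalid Usernames?" off, guesses at unknown usernames are refused but not counted.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

GENERIC_ERROR = "ERROR: Login failed."          # shown when "Mask Login Errors?" is on
LOCKED_ERROR = "ERROR: Too many failed login attempts from your network. Try again later."


class LoginLockdown:
    """Toy model of the Login LockDown policy (not the plugin's own code).

    Failures are counted per IP block (an IPv4 /24 here; an assumption, the page
    only says "IP range"). Once max_retries failures fall inside the retry window,
    the whole block is refused logins for lockout_min minutes. Times are UNIX
    seconds passed in by the caller so the behaviour is deterministic.
    """

    def __init__(self, max_retries=3, retry_window_min=5, lockout_min=60,
                 lockout_invalid_usernames=True, mask_errors=True, block_prefix=24):
        self.max_retries = max_retries
        self.window = retry_window_min * 60
        self.lockout = lockout_min * 60
        self.lockout_invalid_usernames = lockout_invalid_usernames
        self.mask_errors = mask_errors
        self.block_prefix = block_prefix
        self.failures = defaultdict(deque)   # block -> timestamps of failed logins
        self.locked_until = {}               # block -> time the lockout expires

    def block_of(self, ip):
        # Collapse the address to its network so neighbouring hosts share one counter.
        return ip_network(f"{ip}/{self.block_prefix}", strict=False)

    def is_locked(self, ip, now):
        block = self.block_of(ip)
        until = self.locked_until.get(block)
        if until is None:
            return False
        if now >= until:                     # lockout expired: forget the block
            del self.locked_until[block]
            self.failures.pop(block, None)
            return False
        return True

    def release(self, ip):
        """Administrator releases a locked-out range by hand (the panel's release action)."""
        block = self.block_of(ip)
        self.locked_until.pop(block, None)
        self.failures.pop(block, None)

    def attempt(self, ip, user_exists, password_ok, now):
        """Process one login attempt; returns (allowed, message shown to the client)."""
        if self.is_locked(ip, now):
            return False, LOCKED_ERROR
        if user_exists and password_ok:
            return True, "Login successful."

        block = self.block_of(ip)
        # Assumption: with "Lockout Invalid Usernames?" off, guesses at non-existent
        # usernames are rejected but do not count toward the lockout.
        if user_exists or self.lockout_invalid_usernames:
            recent = self.failures[block]
            recent.append(now)
            while recent and recent[0] <= now - self.window:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= self.max_retries:
                self.locked_until[block] = now + self.lockout
                recent.clear()
                return False, LOCKED_ERROR

        if self.mask_errors:
            return False, GENERIC_ERROR
        # Unmasked WordPress-style messages reveal which half of the credential was wrong.
        return False, "ERROR: Invalid username." if not user_exists else "ERROR: Incorrect password."


if __name__ == "__main__":
    # Constructed sequence of attempts: (time, ip, user_exists, password_ok)
    policy = LoginLockdown(max_retries=3, retry_window_min=5, lockout_min=1440)
    for t, ip, exists, ok in [(0, "192.0.2.10", True, False), (60, "192.0.2.20", True, False),
                              (120, "192.0.2.30", True, False), (130, "192.0.2.99", True, True)]:
        print(t, ip, policy.attempt(ip, exists, ok, t))
```

The third failure at t=120 locks the entire 192.0.2.0/24 block, so the correct password from 192.0.2.99 at t=130 is still refused until the lockout expires or an administrator calls `release()`; hosts in other blocks are unaffected.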
Return to ISS Class Project # 1 – Strong WordPress Password
Resources
- http://malwarebytes.org – Free Anti-Malware Program
- http://unmaskparasites.com – Free Site Security Check
- http://sitecheck.sucuri.net – Free Malware Scanner
- 10 Tips for Secure WordPress Hosting
- Free eBook – 7 Plugins for WordPress Security
- Regina's WordPress Security Blog
- Visit Regina's ISS VIP Offer Page