Login Lockdown! Keep Wordpress Safe.
Michael VanDeMar of Bad Neighborhood blog brings us a new plugin to keep our hackers from login into word press. Login Lockdown will monitor how many times a person tries to log in during a short period of time (say 5 times in 3 minutes). If they exceed some key number, LogInLock down will lock them out from logging for some period of time; the default is one hour. Times and number of tries are adjustable.
Because I write a one person blog and rarely travel, I’m going to continue to protect by limiting access to those using my ISP using .htaccess. But I’ll be testing out the Log In Lock Down in parallel.
One additional feature I might suggest Michael add is automatically sending emails to the blog owner when someone does try to log in too often. The email would alert users to hacking attempts; it might be nice to know about those. Then we might be able to take measures to identify the hackers IP and block them.
Do use something to protect you blog!
If you haven’t protected through .htaccess, you should strongly consider installing this new plugin now. It sounds like just the thing for many bloggers.
Tags:defacing blog hacking plugins WordPress
Related Posts:
- Blog Security: htaccess block
- Two tips to avoid Duplicate Content: Robots.txt or Meta Robots WordPress Plugin
- Lucia's Linky Love for WP 2.3: Option to follow trackback immediately.
- Improve Your Better Feed: Wordpress Plugin
Comments
7 Responses to “Login Lockdown! Keep Wordpress Safe.”
Leave a Reply
Thanks this looks like another useful plugin.
Hey Lucia long time no talk.
As usual I have to wonder how much of the CPU resources this plugin uses. It sounds like a great plugin, especially if it did contact the blog owner with the ip address and possibly other details of the attempted logins.
That’s weird … my link didn’t follow. I wonder if the slash on the end made it not follow? I don’t really care if my link follows or not, but I’m just wondering what’s up with your plugin. I took the end slash off my link this time to see if anything different happens.
I just discovered a hack or an exploit that wrote “mesothel. . .” into the footer of my blog. That, of course, means that every page as well as all posts have contracted “mesothel . . . ” That was fairly easy to fix by commenting out all the php in the footer that I didn’t recognize or that wasn’t identified. What is apparently the same code is resident in the WP theme.
Is this familiar?
@Tricia– this one should only consume resources when you try to login, which isn’t very often. Also, I doubt it does much in terms of computer operations. So, it probably uses very little cpu.
The other one I mentioned this week uses even less. It just runs and creates an .htaccess files with a password. But that’s less convenient to use than this.
@S - Peterson. If someone actually hacked in and added that, you really do need this plugin! (If it turns out the person writing the theme did that, then you need to never trust that theme writer again!)
@Tricia– I added a “wait a day” feature because someone asked. So, it will follow in 24 hours. I’m going to turn that off, but I after coding, I like to use the features to double and triple check.
[…] Fuente : Clic aquí para ir a la pagina ] [ Más información : Clic aquí para ir a la pagina […]