John Chow dot Com Online Investment Review - Make Money Online Investing in Businesses
 

Login LockDown – Enhanced WordPress Login Security

written by John Chow on August 31, 2007


Michael VanDeMar, who comes from a bad neighborhood, sent me an email about his latest WordPress plugin, called Login LockDown. The security plugin records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

Installation of the plugin is a simple download, unzip, upload and activate. The plugin settings can be customized from the Options panel. Login LockDown defaults to a 1-hour lockout of an IP block after 3 failed login attempts within 5 minutes. You can change those settings to whatever you feel like. You can also manually release locked-out IP ranges.


The control panel also shows all the locked out IP addresses so you can see how many people tried to hack into your WordPress control panel. Overall, a very cool “working in the background” plugin that should provide an extra bit of security for your WordPress blog.
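The lockout rule described above, as an added Python sketch that is not Login LockDown's own code (the plugin itself runs inside WordPress). The /24 and /64 range sizes, locking on the third failure inside the window, and all names are assumptions; the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque
class RangeLockout:
    """Failed-login lockout per IP range, with the defaults quoted in the post."""
    def __init__(self, max_failures=3, window_s=300, lockout_s=3600,
                 v4_prefix=24, v6_prefix=64):   # range sizes are assumptions
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.failures = defaultdict(deque)   # range -> recent failure timestamps
        self.locked_until = {}               # range -> time the lock expires

    def range_of(self, ip):
        addr = ipaddress.ip_address(ip)
        return str(ipaddress.ip_network(f"{addr}/{self.prefix[addr.version]}", strict=False))

    def is_locked(self, ip, now):
        return self.locked_until.get(self.range_of(ip), 0) > now

    def record_failure(self, ip, now):
        """Store a failed attempt; return True if the range is now locked."""
        key = self.range_of(ip)
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window_s:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout_s
            recent.clear()
        return self.is_locked(ip, now)

    def attempt(self, ip, password_ok, now):
        """One login attempt -> 'blocked', 'ok' or 'fail'."""
        if self.is_locked(ip, now):
            return "blocked"                     # refused before the password is checked
        if not password_ok:
            self.record_failure(ip, now)
        return "ok" if password_ok else "fail"

    def release(self, ip):
        self.locked_until.pop(self.range_of(ip), None)   # manual unlock of a range

    def locked_ranges(self, now):
        return sorted(r for r, t in self.locked_until.items() if t > now)

# Constructed sample: (time in seconds, source IP, password correct?)
SAMPLE = [(0, "203.0.113.7", False), (60, "203.0.113.9", False),
          (120, "203.0.113.7", False), (180, "203.0.113.50", True),
          (200, "198.51.100.4", True), (3721, "203.0.113.50", True)]
def replay(events, guard):
    return [guard.attempt(ip, ok, t) for t, ip, ok in events]
```

Replaying `SAMPLE` shows the trade-off of range-wide locking: the fourth event is a correct password from a neighbouring address and is still refused until the hour has passed.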

Download Login LockDown here


{ 42 comments }

Jorge August 31, 2007 at 3:24 pm

Interesting plugin. Much needed I think. Thanks for the heads up sir. Now, can he solve the problem of splogs? :evil:

Steven August 31, 2007 at 4:14 pm

Well, let’s take this for a test drive…

Anraiki August 31, 2007 at 7:02 pm

Use “Captcha” and Use No-follow.

KingJacob August 31, 2007 at 7:29 pm

No, don’t use No-Follow; simply using Akismet is enough.

Anraiki September 1, 2007 at 3:14 am

Well “nofollow” is an easy solution. Akismet is a different story if you don’t use WordPress.

Geedos September 2, 2007 at 4:37 am

Akismet’s great but recently (the last week) there have been a few bits of spam getting through – more than ever before.

Wahlau.NET September 2, 2007 at 1:10 am

Nice little plugin… wordpress.com should have them… I keep getting email from people trying to retrieve my password.

Terra Andersen August 31, 2007 at 3:30 pm

Great plugin! I wonder how many people have tried to hack into John Chow’s blog in the last few months? Gosh…

:mrgreen:

Geedos September 3, 2007 at 7:31 pm

If they haven’t, they will now – just for the challenge!

Jeff August 31, 2007 at 3:38 pm

Very cool plugin, will definitely try it out. Also, there is another plugin that I have that tracks the IP of who logs in, and if it is a new, different one it will email the admin and let them know a new IP just logged into the admin account. I do not have a link for it, sorry.

MillionDollarJourney.com August 31, 2007 at 4:02 pm

I’m getting an SQL error when the plugin is activated. Anyone else getting this error?

Michael VanDeMar August 31, 2007 at 7:42 pm

John, thank you for letting people know about this. :)

MDJ, what error are you getting? Can you email me the text of the error, your PHP, MySQL, and WordPress versions please? Contact link is at the bottom of all pages on Bad Neighborhood, thanks. As far as I know no one else has reported any problems with it.

Michael VanDeMar September 1, 2007 at 2:23 pm

Ok, I just released version 1.1. Apparently I utilized a MySQL 4.1.1 function in the plugin, and WordPress only requires MySQL 4.0. My bad, I apologize. The new version is available for download now on the same download page. Anyone who was getting a MySQL error before would need to upgrade in order for the plugin to work. For all others, if it works now, no need to change anything, as the only change made with this release was to ensure the compatibility with MySQL 4.0.

Thanks. :D

Geedos September 2, 2007 at 4:40 am

Fantastic! Not only a great plugin but a very well supported one by the looks of things. Great job.

100wordpressplugins.com August 31, 2007 at 4:06 pm

Interesting plugin. Will have to link to it from my own blog! Thanks for the tips.

Better Blogging with Michael Martine August 31, 2007 at 4:42 pm

Even in this day and age, so many female bloggers are harassed and attacked through their blogs it is truly sickening. Something like this has been much needed. Thanks for posting this, John.

Dave August 31, 2007 at 4:51 pm

Thanks mate. I will certainly check this one out for the extra security :D

KingJacob August 31, 2007 at 5:13 pm

I don’t know if it’s the same plugin as the bad-neighborhood websites not working but ever since one of my other sites got hacked I’ve been using a lock out plugin on all my blogs.

MyBlogCotest August 31, 2007 at 5:38 pm

Nice WordPress plugin!
Thanks~

YC August 31, 2007 at 6:06 pm

Thanks for posting this! Will be useful since I am getting suspicious.

MONEY BLUE BOOK August 31, 2007 at 6:19 pm

Geez…who would want to hack a peace loving site like mine? But I guess I should install this security device…can’t hurt!
– Raymond (MONEY BLUE BOOK)

Geedos September 3, 2007 at 7:41 pm

Yep definitely – don’t go tempting fate!

Liberty and New Creation August 31, 2007 at 6:27 pm

I’ve actually been looking for something like this.

Since we’re on security, is it simple to put the admin pages on ssl?

bpo August 31, 2007 at 7:19 pm

Will try this in my blog. Thanks, John!

Click Input August 31, 2007 at 11:07 pm

Do you know of many people attempting to hack your blog in this way John?

Max September 1, 2007 at 3:49 am

I think you don’t need to use this unless you are making passwords too easy to crack but I guess it’s useful… :wink:

Geedos September 2, 2007 at 4:49 am

Better safe than sorry – especially if your site tries to get hacked.

bweaver September 1, 2007 at 6:16 am

Interesting plugin, but how much of a need is there? Have you had problems with people trying to hack your login? Good passwords seem like a good preventative measure.

GnomeyNewt September 1, 2007 at 9:48 am

I think extra security on your blog never hurts. It doesn’t affect your load time either since it is backend. If I had as many visitors/eyes on my blog as J.Chow I’d plug that baby in instantly.

SEO Optimization September 1, 2007 at 11:44 am

Will definitely give this plugin a try. Prevent instead of cure.

Word Hugger September 1, 2007 at 3:09 pm

Are there that many people actually trying to randomly guess your WordPress login?

Jeremy Steele September 1, 2007 at 8:38 pm

I’m sure blogs like JohnChow or ProBlogger have that problem. Every once in a while I also see people randomly go to my login page (even though there is no link to it).

Chris Guthrie September 1, 2007 at 3:15 pm

Perhaps I’ll try that out after my blog gets a little larger and more likely to be attacked. A place like JohnChow.com could be a pretty big target.

GnomeyNewt September 1, 2007 at 6:12 pm

That’s how I feel. Not now, but maybe later. But now that I’ve said this maybe I should do it. Maybe we will be targets. :)

Hip Hop September 1, 2007 at 8:29 pm

Meh, I don’t really use my WordPress login system that much.

Jeremy Steele September 1, 2007 at 8:37 pm

That doesn’t mean someone else isn’t trying to use it.

will September 2, 2007 at 9:25 am

Nice… I will have to look into that myself.

Webmaster Money September 2, 2007 at 10:21 am

Security plugins are always good plugins.

Jeff September 2, 2007 at 5:21 pm

Anyone have a mirror? The site has been down for a couple days now for me.

ryonn September 2, 2007 at 10:46 pm

John,

I no longer can download this plugin :(
Could you please spare me one?

Kind regards,
Ron

Geedos September 3, 2007 at 7:42 pm

Any news on when the site will be back up? It’s a pity as everyone’s keen on here.

Michael VanDeMar September 4, 2007 at 7:49 am

Sorry everyone… I just had the worst hosting experience I have yet had the displeasure to be a part of. The site is now live on its new host, and DNS has been propagating since late last night. If anyone cannot get to the new location and wants a copy of the plugin before they can, please let me know and I will email you a copy.