Login LockDown – Enhanced WordPress Login Security

Michael VanDeMar, who comes from a bad neighborhood, sent me an email about his latest WordPress plugin call Login LockDown. The security plugin records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

Installation of the plugin is a simple download, unzip, upload and activate. The plugin settings can be customized from the Options panel. Login LockDown defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. You can change those setting to whatever you feel like. You can also manually release locked out IP ranges.

lockdown.png

The control panel also shows all the locked out IP addresses so you can see how many people tried to hack into your WordPress control panel. Overall, a very cool “working in the background” plugin that should provide an extra bit of security for your WordPress blog.

Download Login LockDown here


44 thoughts on “Login LockDown – Enhanced WordPress Login Security”

  1. Jorge says:

    Interesting plugin. Much needed I think. Thanks for the heads up sir. Now, can he solve the problem of splogs? 👿

    1. Steven says:

      Well lets take this for a test drive…

    2. Anraiki says:

      Use “Captcha” and Use No-follow.

      1. KingJacob says:

        No dont use No-Follow, simply using akismet is enough.

        1. Anraiki says:

          Well “nofollow” is an easy solution. Akismet is a differnt story if you don’t use wordpress.

        2. Geedos says:

          Askimet’s great but recently (the last week) there’s been a few bits of spam getting through – more than ever before.

    3. Wahlau.NET says:

      nice little plugin……wordpress.com should have them…i keep getting email from people trying to retreive my password

  2. Great plugin! I wonder how many people have tried to hack into John Chow’s blog in the last few months? Gosh…

    :mrgreen:

    1. Geedos says:

      If they haven’t, they will now – just for the challenge!

  3. Jeff says:

    Very cool plugin, will diffidently try it out, also there is another plugin that I have that tracks ip who logins in and if it is a new, different one it will email the admin and let them know a new ip just logged into the admin account. I do not have a link for it sorry.

  4. I’m getting an SQl error when the plugin is activated. Anyone else getting this error?

    1. John, thank you for letting people know about this. 🙂

      MDJ, what error are you getting? Can you email me the text of the error, your PHP, MySQL, and Worpress versions please? Contact link is at the bottom of all pages on Bad Neighborhood, thanks. As far as I know no one else has reported any problems with it.

    2. Ok, I just released version 1.1. Apparently I utilized a MySQL 4.1.1 function in the plugin, and WordPress only requires MySQL 4.0. My bad, I apologize. The new version is available for download now on the same download page. Anyone who was getting a MySQL error before would need to upgrade in order for the plugin to work. For all others, if it works now, no need to change anything, as the only change made with this release was to insure the compatibility with MySQL 4.0.

      Thanks. 😀

      1. Geedos says:

        Fantastic! Not only a great plugin but a very well supported one by the looks of things. Great job.

  5. Interesting plugin. Will have to link to it from my own blog! Thanks for the tips.

  6. Even in this day and age, so many female bloggers are harassed and attacked through their blogs it is truly sickening. Something like this has been much needed. Thanks for posting this, John.

  7. Dave says:

    Thanks mate. I will certainly check this one out for the extra security 😀

  8. KingJacob says:

    I dont know if its the same plugin as the bad-neighborhood websites not working but ever since one of my other sites got hacked Ive been using a lock out plugin on all my blogs.

  9. MyBlogCotest says:

    Nice WordPress plugin!
    Thanks~

  10. YC says:

    Thanks for posting this! Will be useful since I am getting suspicious.

  11. Geez…who would want to hack a peace loving site like mine? But I guess I should install this security device…can’t hurt!
    – Raymond (MONEY BLUE BOOK)

    1. Geedos says:

      Yep definitely – don’t go tempting fate!

  12. I’ve actually been looking for something like this.

    Since we’re on security, is it simple to put the admin pages on ssl?

  13. bpo says:

    Will try this in my blog. Thanks, John!

  14. Click Input says:

    Do you know of many people attempting to hack your blog in this way John?

  15. Max says:

    I think you don’t need to use this unless you are making passwords too easy to crack but I guess it’s useful… 😉

    1. Geedos says:

      Better safe than sorry – especially if your site tries to get hacked.

  16. bweaver says:

    Interesting plugin, but how much of a need is there? Have you had problems with people trying to hack your login? Good passwords seem like a good preventative measure.

  17. GnomeyNewt says:

    I think extra security on your blog never hurts. It doesn’t affect your load time either since it is backend. If I had as many visitors/eyes on my blog as J.Chow I’d plug that baby in instantly.

  18. Will definitively give it a try to this plugin. Prevent instead to cure

  19. Word Hugger says:

    Are there that many people actually try to randomly guess your wordpress login?

    1. I’m sure blogs like JohnChow or ProBlogger have that problem. Every once in a while I also see people randomly goto my login page (even though there is no link to it)

  20. Perhaps I’ll try that out after my blog gets a little larger and more likely to be attacked. A place like JohnChow.com could be a pretty big target.

    1. GnomeyNewt says:

      Thats how I feel. Not now, but maybe later. But now that I’ve said this maybe I should do it. Maybe we will be targets. 🙂

  21. Hip Hop says:

    Meh I don’t really use my wordpress login system that much

    1. That doesn’t mean someone else isn’t trying to use it.

  22. will says:

    Nice… I will have to look into that myself.

  23. Security plugins are always good plugins.

  24. Jeff says:

    Anyone have a mirror? The site has been down for a couple days now for me.

  25. ryonn says:

    John,

    I no longer can download this plugin 🙁
    Could you please spare me one?

    Kind regard,
    Ron

  26. Geedos says:

    Any news on when the site will be back up? It’s a pity as everyone’s keen on here.

  27. Sorry everyone… I just had the worst hosting experience I have yet had the dis-pleasure to be a part of. The site is now live on it’s new host, and DNS has been propagating since late last night. If anyone cannot get to the new location and wants a copy of the plugin before they can, please let me know and I will email you a copy.

Comments are closed.