Login LockDown - Enhanced WordPress Login Security
Michael VanDeMar, who comes from a bad neighborhood, sent me an email about his latest Wordpress plugin call Login LockDown. The security plugin records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
Installation of the plugin is a simple download, unzip, upload and activate. The plugin settings can be customized from the Options panel. Login LockDown defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. You can change those setting to whatever you feel like. You can also manually release locked out IP ranges.
The control panel also shows all the locked out IP addresses so you can see how many people tried to hack into your Wordpress control panel. Overall, a very cool “working in the background” plugin that should provide an extra bit of security for your Wordpress blog.
- Posted in The Net, Wordpress
- 44 comments what's your take?
Sorry, the comment form is closed at this time.
Loading ...
Interesting plugin. Much needed I think. Thanks for the heads up sir. Now, can he solve the problem of splogs?
Reply to this commentWell lets take this for a test drive…
Reply to this commentUse “Captcha” and Use No-follow.
Reply to this commentNo dont use No-Follow, simply using akismet is enough.
Reply to this commentWell “nofollow” is an easy solution. Akismet is a differnt story if you don’t use wordpress.
Reply to this commentAskimet’s great but recently (the last week) there’s been a few bits of spam getting through - more than ever before.
Reply to this commentnice little plugin……wordpress.com should have them…i keep getting email from people trying to retreive my password
Reply to this commentGreat plugin! I wonder how many people have tried to hack into John Chow’s blog in the last few months? Gosh…
Reply to this commentIf they haven’t, they will now - just for the challenge!
Reply to this commentVery cool plugin, will diffidently try it out, also there is another plugin that I have that tracks ip who logins in and if it is a new, different one it will email the admin and let them know a new ip just logged into the admin account. I do not have a link for it sorry.
Reply to this commentI’m getting an SQl error when the plugin is activated. Anyone else getting this error?
Reply to this commentJohn, thank you for letting people know about this.
MDJ, what error are you getting? Can you email me the text of the error, your PHP, MySQL, and Worpress versions please? Contact link is at the bottom of all pages on Bad Neighborhood, thanks. As far as I know no one else has reported any problems with it.
Reply to this commentOk, I just released version 1.1. Apparently I utilized a MySQL 4.1.1 function in the plugin, and WordPress only requires MySQL 4.0. My bad, I apologize. The new version is available for download now on the same download page. Anyone who was getting a MySQL error before would need to upgrade in order for the plugin to work. For all others, if it works now, no need to change anything, as the only change made with this release was to insure the compatibility with MySQL 4.0.
Thanks.
Reply to this commentFantastic! Not only a great plugin but a very well supported one by the looks of things. Great job.
Reply to this commentInteresting plugin. Will have to link to it from my own blog! Thanks for the tips.
Reply to this commentEven in this day and age, so many female bloggers are harassed and attacked through their blogs it is truly sickening. Something like this has been much needed. Thanks for posting this, John.
Reply to this commentThanks mate. I will certainly check this one out for the extra security
Reply to this commentI dont know if its the same plugin as the bad-neighborhood websites not working but ever since one of my other sites got hacked Ive been using a lock out plugin on all my blogs.
Reply to this commentNice WordPress plugin!
Reply to this commentThanks~
Thanks for posting this! Will be useful since I am getting suspicious.
Reply to this commentGeez…who would want to hack a peace loving site like mine? But I guess I should install this security device…can’t hurt!
Reply to this comment- Raymond (MONEY BLUE BOOK)
Yep definitely - don’t go tempting fate!
Reply to this commentI’ve actually been looking for something like this.
Since we’re on security, is it simple to put the admin pages on ssl?
Reply to this commentWill try this in my blog. Thanks, John!
Reply to this commentDo you know of many people attempting to hack your blog in this way John?
Reply to this commentI think you don’t need to use this unless you are making passwords too easy to crack but I guess it’s useful…
Reply to this commentBetter safe than sorry - especially if your site tries to get hacked.
Reply to this commentInteresting plugin, but how much of a need is there? Have you had problems with people trying to hack your login? Good passwords seem like a good preventative measure.
Reply to this commentI think extra security on your blog never hurts. It doesn’t affect your load time either since it is backend. If I had as many visitors/eyes on my blog as J.Chow I’d plug that baby in instantly.
Reply to this commentWill definitively give it a try to this plugin. Prevent instead to cure
Reply to this commentAre there that many people actually try to randomly guess your wordpress login?
Reply to this commentI’m sure blogs like JohnChow or ProBlogger have that problem. Every once in a while I also see people randomly goto my login page (even though there is no link to it)
Reply to this commentPerhaps I’ll try that out after my blog gets a little larger and more likely to be attacked. A place like JohnChow.com could be a pretty big target.
Reply to this commentThats how I feel. Not now, but maybe later. But now that I’ve said this maybe I should do it. Maybe we will be targets.
Reply to this commentMeh I don’t really use my wordpress login system that much
Reply to this commentThat doesn’t mean someone else isn’t trying to use it.
Reply to this commentNice… I will have to look into that myself.
Reply to this commentSecurity plugins are always good plugins.
Reply to this commentAnyone have a mirror? The site has been down for a couple days now for me.
Reply to this commentJohn,
I no longer can download this plugin
Could you please spare me one?
Kind regard,
Reply to this commentRon
Any news on when the site will be back up? It’s a pity as everyone’s keen on here.
Reply to this commentSorry everyone… I just had the worst hosting experience I have yet had the dis-pleasure to be a part of. The site is now live on it’s new host, and DNS has been propagating since late last night. If anyone cannot get to the new location and wants a copy of the plugin before they can, please let me know and I will email you a copy.
Reply to this comment