Login Lockdown is a great added security plugin. If you feel you have people trying to guess your password to login to your site, this plugin will be a great fit for you.
So some of the options includes max login attempts, retry time restrictions, lockout length, along with lockout invalid usernames and masking login errors.
One of the really cool features I really like about this plugin is the “mask login errors.” This option will let you hide the error of either “wrong username” or “wrong password,” which helps because it makes it harder for an attacker to figure out which portion of the login is wrong.
If someone passes the threshold of the max login attempts, they will then be locked out and won’t be able to try to login until the time limit is lifted.
One feature I would love, is an optional email alert on failed login attempts. That way, if someone is trying to hack into your site, you’re quickly alerted and can take action on it. A log history of all past attempts would be cool too, but those just some feature requests.
Here are a few screenshots of what the plugin looks like and does.
Download link: http://downloads.wordpress.org/plugin/login-lockdown.zip
Hi, I just caught the tweet on this.
Thanks for sharing about this plugin. I’ll be sure to check it out.
Another security measure that bloggers running on WordPress might want to consider is to create a user (other than “admin”) who is an administrator-level user. Then make “admin” a normal user (like subscriber or some such).
Since entry depends on knowing two things (the username and password), without knowing the username for the administrative user, attackers are surely not going to be able to get in even if they were somehow able to guess a password.