Simple Login Lockdown

Simple Login Lockdown prevents brute force login attacks/attempts on your WordPress installation.

Author: Christopher Davis (profile at wordpress.org)
WordPress version required: 3.2.0
WordPress version tested: 3.5
Plugin version: 1.1
Added to WordPress repository: 29-11-2011
Last updated: 22-12-2012
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %: 88
Rated by: 7
Plugin URI: https://github.com/chrisguitarguy/simple-logi...
Total downloads: 58 363
Active installs: 8 000+

Simple login lock down is a way to protect your WordPress blog from brute force login attacks.

How it works:

1. An attacker attempts to log in and fails.
2. Simple Login Lockdown records that failed login.
3. After a certain number of failed attempts (defaults to five), further attempts to access the wp-login.php page are blocked for a time (defaults to one hour).

If you happen to forget your password and make a failed login attempt yourself, the plugin will clear out the lockdown count data on successful login.

Note: This uses $_SERVER['REMOTE_ADDR'] directly. If you're behind a proxy (load balancer, etc.), it's not going to work as expected. E.g. several folks could be attempting logins at once, and all fail. The plugin would then see all those requests as coming from the same IP -- the load balancer -- and lock the login down for everyone. No good. If you're using a load balancer or are in some other situation where you're behind a proxy, use this as an example and write your own. Or filter the IP as you desire using cd_sll_pre_ip.
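One way to write the cd_sll_pre_ip filter mentioned above for a site behind a reverse proxy, as an added example that is not part of the plugin's own code. It assumes the filter passes the detected IP string and uses the string that is returned, that your proxy appends the connecting address to X-Forwarded-For, and that the proxy addresses shown are placeholders for your own; the function and constant names are hypothetical.

```php
<?php
// Added example, not the plugin's code. Assumption: cd_sll_pre_ip passes
// the detected IP as a string and the plugin uses the returned string.

// Placeholder addresses: replace with your own load balancers / proxies.
const EXAMPLE_TRUSTED_PROXIES = array('10.0.0.5', '10.0.0.6');

function example_sll_client_ip($ip, $server = null)
{
    $server = (null === $server) ? $_SERVER : $server;
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : $ip;

    // Request did not come through one of our proxies: any forwarding
    // header was set by the client itself, so ignore it. Otherwise a
    // new header value on every request would dodge the lockdown.
    if (!in_array($remote, EXAMPLE_TRUSTED_PROXIES, true)) {
        return $remote;
    }
    if (empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }

    // Walk the chain right to left. Entries to the left of the first
    // untrusted hop were supplied by the client and cannot be trusted.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (false === filter_var($hop, FILTER_VALIDATE_IP)) {
            break; // malformed entry: fall back to REMOTE_ADDR
        }
        if (!in_array($hop, EXAMPLE_TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Register only when running inside WordPress.
if (function_exists('add_filter')) {
    add_filter('cd_sll_pre_ip', 'example_sll_client_ip');
}
```

With REMOTE_ADDR 10.0.0.5 and X-Forwarded-For "198.51.100.9, 203.0.113.7" (constructed values), failed logins are counted against 203.0.113.7, the address the proxy itself recorded, not the client-supplied entry to its left.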

