You may have noticed that WordPress security is an important topic here on TheCMSPlace. And this is not just something that we like to write about – it is really important. Why? Well because you may spend hours, days, weeks and even years maintaining your website and filling it with high quality content and one day you may find it destroyed due to a hack. And this is something that should not happen. That is why WordPress security should be a high-priority topic for any user and webmaster and you should always make backups.
In this post I am going to make a review on one plugin that helps improve the login security of WordPress. It is called Loginizer.
What does Loginizer do?
It protects against bruteforce attacks. They are aimed at trying different combinations of passwords until they figure out a correct combination and therefore provide the hacker (who launched them) access to your website. Now you may imagine what might happen if your admin account is revealed.
So in order to prevent this from happening you need to take care of some things – first of all don’t use “admin” as a username for any admin account on your website. Second – use as complex passwords as possible. Third – add a protection like Loginizer.
How does Loginizer work?
By providing login attempts limitation for any IP. This means that if a bruteforce attack is launched from one IP the hacker may be able to guess your passwords only several times. Then this IP is blocked. You can also select IP addresses that you consider dangerous and add them to a blacklist using Loginizer. This means that any potential attack from them won’t even start since the access will be blocked in advance.
What about any IP addresses that are considered safe? You can whitelist them and Loginizer won’t be a problem. Make sure that your own IP is added to this list so that you can make sure that you will get access anytime you want to your own website.
That’s great! How to use Loginizer?
Begin by visiting the official WordPress.org page of the plugin. From there you can download it and the install it on your own website manually or you may search for Loginizer using the built-in WordPress plugin installer in your dashboard (admin section).
Then activate it and you will receive a new menu called Loginizer Security. It contains two sub-menus:
- Dashboard – which contain information about your system
- Brute Force – which contain the options for Loginizer
In the first sub-menu you may want to check the section where your File Permissions are displayed. Make sure that your permission scheme matches the suggested one by Loginizer. Check carefully your system information as well.
In the Brute Force sub-menu you have to adjust some settings:
- Max Retries – default value is 3;
- Lockout Time – default is 15 minutes;
- Max Lockouts – default is 5 times;
- Extend Lockout – default is 24 hours. This extends Lockout time after Max lockouts;
- Reset Retries – 24 hours (default value);
- Email Notification – here you may add a number of lockouts that should occur before the system notifies you for them via email. Default value is 0 times (i.e. email notifications are disabled);
Here you have to add your Blacklist and Whitelist IP addresses. You may also add ranges.
At the top of the Brute Force sub-menu you will see any failed login attempts in the past 24 hours. The information provided is the number of the attempt, the IP it came from, the date and hour of the attempt, count and lockout counts for this attempt.
You may also remove information from these logs or clear them at all.
Loginizer is great! How can improve my protection further?
You have 2 options:
- consider purchasing the PRO version of Loginizer which adds additional security features like captcha, two-fores auth and others;
- install additional free plugins that will improve your security;
And that’s all friends! What do you think about Loginizer? Share any thoughts, feedback, questions or problems in the comment section below. Don’t forget to spread the word about this post in social media as well. By doing this you will help other users like you to improve the security of their WordPress websites.
See you soon, friends!