Protect Login
protect.oneOut of the box, WordPress allows unlimited attempts to log in. This opens up opportunities for attackers to crack passwords simply by trying over and over again. This kind of attack is called brute-force, and Protect Login mitigates this by slowing down the login after a series of subsequent failed attempts.
But we did not stop there. We’re also working on ways to improve the security of your WordPress passwords. Currently, we do this by allowing you to enforce a password policy to make sure your users don’t use weak passwords for their accounts.
We’re part of group.one, a group of European hosting companies. We’re here to help you succeed online.
We care about WordPress and keeping WordPress sites secure. So we decided it was time to take the code of the original Limit Login Attempts plugin and build on top of it.
We did this for you. Protect Login is 100% free and will not bother you with nasty upsells or scare marketing. You have better things to do, don’t you?
This is very much by design. Otherwise, you could simply brute force the “admin” password by logging in as your own user every 4th attempt.
If you’re not sure about this, chances are your site is not behind a reverse proxy. However, Protect Login’s settings offer an option to activate proxy mode.
A reverse proxy is a server between the site and the Internet (perhaps handling caching or load-balancing). This makes getting the correct client IP to block slightly more complicated.
Yes, there is an allowlist tab in Protect Login’s settings.
Either wait until your account/IP is unblocked, or if you have FTP or SSH access to the site, rename it “wp-content/plugins/protect-login” to deactivate the plugin.
Yes, if the webserver passes an IPv6 address to your WordPress installation, the plugin has no problems to handle IPv6 from 1.2.0.
It does exactly what it should
By Jonas (elbsegler) on September 22, 2024
It does exactly what it's supposed to.
Thank you for this plugin. It's very nice not to be bombarded with ads.
1.2.0
- IPv6 support
- Endpoints for WP-CLI
- Added filter for password strength
- “Settings” link in plugin overview
- Bugfix: string “password too short” erroneous appeared in Quick Draft widget, removed.
1.1.1
- Removed unused strings
- Added translator comments
- Restructured some strings for easier translations
1.1.0
- Tested with WordPress 6.6
- Added Multisite Support
- Added filters to set protection levels programmatically
- Fixed issue with timestamps always using UTC
1.0.1
- Fixed minor bugs
1.0
- Initial version
- based on Limit Login Attempts 1.7.1 by Johan Eenfeldt
- Upload the plugin files to the
/wp-content/plugins/protect-login
directory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the ‘Plugins’ screen in WordPress.
- The default settings will be applied automatically. To change them, navigate to Settings > Protect Login
Reviews
5 out of 5 stars
- Version: 1.2.0
- Last updated: 1 month ago
- Active installations: 80
- WordPress version: 5.7
- Tested up to: 6.6.2
- PHP version: 7.4