
Increase Your Website Security Using The Login LockDown WordPress Plugin

10 June 2010

A couple of days ago I received an email from WordPress saying “Someone has asked for a password reset for www.wordpress-ecommerce.com, If you are the right person follow the link to reset your password”. I was totally surprised to get that email, as it had never happened to me and I was never that worried about the security of my website before. Luckily I found a WordPress plugin named “Login LockDown” and installed it on my site instantly.

One good thing about this plugin is that it keeps track of IP addresses: after a certain number of login attempts from the same IP address (a number you can specify in the plugin's settings), it disables the login option. So anyone who is trying to hack your password using brute force won’t be able to do anything.

There are 5 options under the main settings.

  • Max Login Retries: determines how many times someone can try to log in from the same IP.
  • Retry Time Period Restriction: the time period after which someone can retry.
  • Lockout Length: how long the lockout lasts.
  • You can also lock out invalid usernames and mask login errors by checking the corresponding options.

At the bottom of the plugin settings, you can also see whether it is currently blocking any IP address. If it is, that means someone was trying to get access to your site.
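The way the three timing settings interact is easier to see in a small model. This is an added example, not the Login LockDown plugin's code or code from the original post. It assumes failures are counted per IP inside a sliding retry window; the class, method and sample names are made up for illustration, and the addresses come from the documentation ranges.

```python
from collections import defaultdict, deque


class LoginLockdown:
    """Per-IP lockout model (hypothetical names); all times are in seconds."""

    def __init__(self, max_retries=3, retry_window=300, lockout_length=3600):
        self.max_retries = max_retries        # "Max Login Retries"
        self.retry_window = retry_window      # "Retry Time Period Restriction"
        self.lockout_length = lockout_length  # "Lockout Length"
        self.failures = defaultdict(deque)    # ip -> recent failure timestamps
        self.locked_until = {}                # ip -> time the lockout ends

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Count one failed login; return True if the IP is locked out."""
        if self.is_locked(ip, now):
            return True                       # refused while the lockout lasts
        recent = self.failures[ip]
        recent.append(now)
        # Forget failures that are older than the retry window.
        while now - recent[0] > self.retry_window:
            recent.popleft()
        if len(recent) >= self.max_retries:
            self.locked_until[ip] = now + self.lockout_length
            recent.clear()
            return True
        return False

    def locked_ips(self, now):
        """IPs locked at `now`, like the list at the bottom of the settings."""
        return sorted(ip for ip in self.locked_until if self.is_locked(ip, now))


# Constructed sample: (seconds since start, source IP) of failed logins.
SAMPLE_FAILURES = [
    (0, "203.0.113.7"), (20, "203.0.113.7"), (40, "203.0.113.7"),
    (0, "198.51.100.4"), (400, "198.51.100.4"), (800, "198.51.100.4"),
]


def replay(events, **settings):
    """Feed failed-login events in time order and return the resulting state."""
    guard = LoginLockdown(**settings)
    for now, ip in sorted(events):
        guard.record_failure(ip, now)
    return guard
```

With the default values, only the address whose three failures fall inside one retry window is locked, which is why the retry period and the lockout length should be chosen together rather than one at a time.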

Another mistake that people often make is installing any kind of free WordPress plugin on their server. A free WordPress plugin is not necessarily a secure one. Before installing any plugin, you need to make sure that it is credible and useful to you. Some people don't even use the plugins, yet they have hundreds of free WordPress plugins installed on their site. What they don’t realize is that any of these plugins might contain a malicious PHP script. Once you activate the plugin, the malicious PHP script will run and cause harm to your site, and who knows how bad it can get. I have a friend whose website got hacked this way not too long ago. The malicious PHP script that harmed his site not only did various weird things but also changed the file permissions of all the folders and files. Consequently, his site became so vulnerable that it could be hacked easily by other people.

So even if nobody has hacked your login information, you are letting other people get into your site just by installing a free WordPress plugin. I recommend that you think carefully before installing any WordPress plugin, even if it’s a free one.

The Login LockDown plugin can be found here.


One Comment »

  • Jacob said:

    I’m gonna check this plugin right now. Thanks for sharing with us.
