Aug 072014
 

All In One WP Security And Firewall Brute Force helps you to protect the rename login page, cookie based brute force prevention, login captcha and more.

Last Updated: June 18, 2017

Latest News: I have added more information.

All In One WP Security And Firewall Brute Force Steps

Step 1 ) Click on WP Security -> Brute Force to set up the following. See images below.

  • Rename Login Page
  • Cookie Based Brute Force Prevention
  • Login Captcha
  • Login Whitelist
  • Honeypot

all-in-one-wp-security-land-firewall-brute-force

Step 2 ) Go to WP Security -> Brute Force -> Rename Login Page to set up the login page brute force. The following image allows you to set up Enable Rename Login Page Feature and Login Page URL. Click on Save Settings button once you have completed your set up.

This will add another 10 points score towards your security meter. (Intermediate Security Level)

Troubleshooting Steps

Step 2-a ) If you add a character that is not allowed by the plugin security you will see the following message at the top of the page.

Attention!
You must use alpha numeric characters for your login page slug.

Step 2-b ) If you have WordPress plain permalink structure enabled in your site you will see a ? added to the URL. It will look like this yoursite.com/?your secret name.  By selecting another permalink or a custom structured permalink your URL will change to yoursite.com/your secret name without the ? added.

all-in-one-wp-security-rename-loing-page

Step 3 ) Go to WP Security -> Brute Force -> Cookie Based Brute Force Login Prevention to set up the following options. See image below.

  • Enable Brute Force Attack Prevention
  • Secret Word
  • Re-direct URL = Note: You can add a custom URL in this field. This is a good idea if you wish to share some personal message to those trying to hack your site.
  • My Site Has Posts Or Pages Which Are Password Protected
  • My Site Has  Theme or Plugin Which Use Ajax
  • Click on Save Feature Settings button once you have completed your set up.

This will add another 20 points score towards your security meter. (Intermediate Security Level)

all-in-one-wp-security-brute-force

Step 4 ) Go to WP Security -> Brute Force -> Login Captcha to set up the following options. See image below.

  • Enable Captcha On Login Page
  • Enable Captcha On Custom Login Form
  • Enable Captcha On Lost Password Page
  • Added login form captcha functionality for sub-sites in a multi-site installation. (Added in version 4.0.8)

If you enable all the captcha features above, it will add another 50 points score towards your security meter. (Basic Security Level)

all-in-one-wp-security-host-system-lost-passwordcaptcha

Login Whitelist

Step 5 ) Go to WP Security -> Brute Force -> Login Whitelist  to set up the following options.

  • Enable IP Whitelisting
  • Your Current IP Address
  • Enter Whitelisted IP Addresses
  • Added IPv6 support for the whitelist feature (Added in version 4.0.2)
  • Click on Save Settings button once you have completed your set up.

This will add another 15 points score towards your security meter. (Intermediate Security Level)

all-in-one-wp-security-whitelist

Honeypot

Step 6 ) Go to WP Security -> Brute Force -> Honeypot to set up the following option. he following image allows you to set up Login Form Honeypot Settings. (Added in version 3.7.8) (Fixed in version 3.8.1 and 3.8.2)

  • Enable Honeypot on Login Page
  • Click on Save Settings button once you have completed your set up.

This will add another 10 points score towards your security meter. (Intermediate Security Level)

all-in-one-wp-security-honeypot

================================

Troubleshooting

Q1 Any way to retrieve the changed login page from db or wordpress files?

Answer 1 = If you’re referring to the rename login page, it is stored in WordPress options table.  (Solution provided by wpsolutions in the forum)

Look for the row with “aio_wp_security_configs” and then look inside the option_value field and find the paramater “aiowps_login_page_slug” which should have the value following it.
Similarly, if you are referring to the cookie based brute force feature, it is same as above except you will look for the “aiowps_brute_force_secret_word” parameter to get the value.

Note: for rename login page if you have permalinks enabled your login URL will look like: yoursite.com/secret_slug

If permalinks are set to plain

  • For rename login page feature: yoursite.com/?secret_slug
  • For cookie based feature: yoursite.com/?secret_slug=1

================================

Click on the following link Spam Prevention to continue configuring the plugins settings.

If you have any questions please let me know.

Enjoy.

Go Back To All In One WP Security & Firewall Plugin Menu

Manuel Ballesta RuizManuel Ballesta Ruiz is a web developer, Blogger and WordPress Enthusiast.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)