Aug 072014
 

All In One WP Security And Firewall Brute Force helps you to protect the rename login page, cookie based brute force prevention, login captcha and more.

Last Updated: July 31, 2018

Latest News: I have added more information.

Everybody knows how important it is to add very good security to your website login. Enabling one of the brute force login features in the plugin will increase your security and peace of mind.

What is a brute-force attack? A brute force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly your password. Having a complex unique login name for your website login page will definitely make it very hard for hackers to crack. If you have not enable this feature, I highly recommend that you do so as soon as possible.

You might like to read more about brute force attacks from the following URL wiki Brute-force_attack.

All In One WP Security And Firewall Brute Force

Step 1 ) Click on WP Security -> Brute Force to set up the following options. See images below.

Brute Force Features

  • Rename Login Page
  • Cookie Based Brute Force Prevention
  • Login Captcha
  • Login Whitelist
  • Honeypot

all-in-one-wp-security-land-firewall-brute-force

Rename Login Page

Step 2 ) Go to WP Security -> Brute Force -> Rename Login Page to set up the following options.

Note: A hook was added to allow a 404 page error instead of a 403 WordPress error message. Click here to learn how to use the new hook in your functions.php file. 

Rename Login Page

  • Enable Rename Login Page Feature
  • Login Page URL
  • Click on Save Settings button when you finish setting up this feature.

Use this feature will add another 10 points score towards your security meter. (Intermediate Security Level)

Note: If you are using a cache plugin, you need to exclude the login page from being cached.

all-in-one-wp-security-brute-force-rename-loing-page-settings

Troubleshooting Rename Login Page

Step 2-a ) If you add a character that is not allowed by the plugin security you will see the following message at the top of the page.

Attention!
You must use alpha numeric characters for your login page slug.

Step 2-b ) If you have WordPress plain permalink structure enabled in your site you will see a ? added to the URL. It will look like this yoursite.com/?your secret name.  By selecting another permalink or a custom structured permalink your URL will change to yoursite.com/your secret name without the ? added.

Rename Login Page Questions

Q1: How do I configure the rename login page url to redirect to WooCommerce accounts page?

Solution 1: Read the following support thread. It shows you the function you can add in your theme functions.php file. This will redirect to the WooCommerce accounts page.

Q2: Why when enabling the rename login page feature, AIOWPS plugins changes the language strings translation for the wordpress standard login page?

Solution 1:  When you use the rename login page feature, the “login page” output strings are not coming from the standard wp-login.php file but instead come from a file inside the aiowps plugin. That file is called wp-security-rename-login-feature.php which resides in the “other-includes” directory of this plugin. Hence the reason for the translations being required.

===============================

Cookie Based Brute Force Login Prevention

Step 3 ) Go to WP Security -> Brute Force -> Cookie Based Brute Force Login Prevention to set up the following options. See image below.

Note: If you are using cache in your site you can exclude the cookie from being cached. Find the cookie name by looking in your DB and finding the option_name called “aio_wp_security_configs”. Inside there look for the “aiowps_cookie_brute_test” and get the cookie name.

Cookie Based Features

  • Enable Brute Force Attack Prevention
  • Secret Word
  • Re-direct URL = Note: You can add a custom URL in this field. This is a good idea if you wish to share some personal message to those trying to hack your site.
  • My Site Has Posts Or Pages Which Are Password Protected
  • My Site Has  Theme or Plugin Which Use Ajax
  • Click on Save Feature Settings button once you have completed your set up.

This will add another 20 points score towards your security meter. (Intermediate Security Level)

all-in-one-wp-security-brute-force

===============================

Login Captcha

Step 4 ) Go to WP Security -> Brute Force -> Login Captcha to set up the following options.

Login Form Captcha Settings

  • Enable Captcha On Login Page:

Custom Login Form Captcha Settings

  • Enable Captcha On Custom Login Form:

WooCommerce Forms Captcha Settings

  • Enable Captcha On Woocommerce Login Form:
  • Enable Captcha On Woocommerce Registration Form:

Lost Password Form Captcha Settings

  • Enable Captcha On Lost Password Page:

Multisite Settings

  • Added login form captcha functionality for sub-sites in a multi-site installation.

If you enable all the captcha features above, it will add another 70 points score towards your security meter. (Basic Security Level)

Troubleshooting Login Captcha

Step 4-a ) There was a question/ issue posted in the forum about adding captcha to the sidebar using a widget/plugin. You can read more about the solution from the following URL sidebar-login-captcha-not-working provided by one of the developers.

===============================

Login Whitelist

Step 5 ) Go to WP Security -> Brute Force -> Login Whitelist  to set up the following options.

Login Whitelist Options

  • Enable IP Whitelisting
  • Your Current IP Address
  • Enter Whitelisted IP Addresses
  • Added IPv6 support for the whitelist feature (Added in version 4.0.2)
  • Click on Save Settings button once you have completed your set up.

This will add another 15 points score towards your security meter. (Intermediate Security Level)

all-in-one-wp-security-whitelist

===============================

Honeypot

Step 6 ) Go to WP Security -> Brute Force -> Honeypot to set up the following option. he following image allows you to set up Login Form Honeypot Settings. (Added in version 3.7.8) (Fixed in version 3.8.1 and 3.8.2)

  • Enable Honeypot on Login Page
  • Click on Save Settings button once you have completed your set up.

This will add another 10 points score towards your security meter. (Intermediate Security Level)

all-in-one-wp-security-honeypot

================================

Troubleshooting Brute Force

Q1 Any way to retrieve the changed login page from db or wordpress files?

Answer 1 = If you’re referring to the rename login page, it is stored in WordPress options table.  (Solution provided by wpsolutions in the forum)

Look for the row with “aio_wp_security_configs” and then look inside the option_value field and find the paramater “aiowps_login_page_slug” which should have the value following it.
Similarly, if you are referring to the cookie based brute force feature, it is same as above except you will look for the “aiowps_brute_force_secret_word” parameter to get the value.

Note: for rename login page if you have permalinks enabled your login URL will look like: yoursite.com/secret_slug

If permalinks are set to plain

  • For rename login page feature: yoursite.com/?secret_slug
  • For cookie based feature: yoursite.com/?secret_slug=1

================================

Click on the following link Spam Prevention to continue configuring the plugins settings.

If you have any questions please let me know.

Enjoy.

All In One WP Security & Firewall Tutorials List:

Manuel Ballesta RuizManuel Ballesta Ruiz is a web developer, Blogger and WordPress Enthusiast.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

The following GDPR rules must be read and accepted:
This form collects your name, email and content so that we can keep track of the comments placed on the website. For more info check our privacy policy where you will get more info on where, how and why we store your data.