Mbrsolution

Web Developing / Computer Repairs Brisbane
  • Home
  • Contact Mbrsolution
  • Mbrsolution Blog
  • Search My Site
  • Web Tutorials
    • Joomla Tutorials
    • KompoZer Tutorials
    • WordPress Tutorials
      • WordPress Plugins Tutorials
        • All In One WP Security And Firewall Plugin
        • WordPress eStore Plugin Complete Selling Online Solution
        • WordPress Fast Secure Contact Form Plugin
        • WordPress Photonic Gallery Plugin
        • WordPress Simple PayPal Shopping Cart Plugin
        • WordPress The SEO Framework Plugin
        • WordPress WooCommerce eCommerce Plugin
        • WP eMember Membership Plugin
        • CataBlog Tutorials
      • WordPress Theme Tutorials
        • Template Toaster Software WordPress
        • WordPress ClassiPress Theme Online Selling Classified Ads
        • WordPress Vantage Theme Developed By AppThemes
        • Suffusion Theme Tutorials
  • WordPress Web Design
Home » Security » All In One WP Security And Firewall User Login

All In One WP Security And Firewall User Login

 Security
Aug 092014
 

All In One WP Security And Firewall User Login helps you setup the following options login lockdown, force logout, login retry and much more.

Last Updated: September 21, 2018

Latest News: I have updated the information below.

User login is important to sites for administrators. It is also import if you allow user registration via WP Users. This at the same time allows hackers to attack the login page via brute force. In the login page, the attackers will attempt to repeat the login by trying to guess the password. They will carry out this action until they succeed. This is considered a brute force attack. By enabling all or some of the following features in the plugin you will reduce and stop these forced attacks.

Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks. Remember that constant attempts are you login page will also affect your servers performance.

Note: Currently the plugin does not support IPV6 addresses for login lock down. Please read the following forum post. This is something the developers are currently working on.

All In One WP Security And Firewall User Login

Step 1 ) Click on the WP Security -> User Login to set up the following security settings. See images below.

  • Login Lockdown
  • Failed Login Records
  • Force Logout
  • Account Activity Logs
  • Logged In Users

all-in-one-wp-security-and-firewall-user-login

Login Lockdown

Step 2 ) Go to WP Security -> User Login -> Login Lockdown to set up the following options. See image below.

This will add another 20 points score towards your security meter. (Basic Security Level)

Login Lockdown Part 1

  • Enable Login Lockdown Feature
  • Allow Unlock Requests
  • Max Login Attempts = If you get too many lockouts from your users login in, then you might consider enabling Allow Unlock Request.
  • Login Retry Time Period (min)
  • Time Length of Lockout (min)

Remember: Always check your Account Activity Logs and Logged In Users to know more about what’s happening on your sites admin panel. Checking Logged In Users can be handy. If anyone is logged in, you can notify them if you are going to carry out any updating on your site. 

Step 2-a ) The following image allows you to set up the following options.

Login Lockdown Part 2

  • Display Generic Error Message = Check the following steps Step 2-b ) and Step 2-c ) below for more information.
  • Instantly Lockout Invalid Usernames
  • Instantly Lockout Specific Usernames = In this example the following usernames have been added to the list admin, www, bpm-go, bpmgo. This features comes in handy when you keep getting too many strange usernames trying to log into your site.
  • Notify By Email
  • Click on Save Settings button once you have completed the set up.

Step 2-b ) The following image displays WordPress default error message.

all-in-one-wp-security-log-in-default-error-messageStep 2-c ) The following image displays a generic message when the following feature Display Generic Error Message is enabled.

all-in-one-wp-security-log-in-generic-error-message

Step 2-c ) Go to WP Security -> User Login -> Login Lockdown -> Login Lockdown IP Whitelist Settings to set up the following options. See image below.

  • Enable Login Lockdown IP Whitelist
  • Enter Whitelisted IP Addresses

all-in-one-wp-security-and-firewall-user-login-login-lockdown

Troubleshooting Login Lockdown

The following error message is displayed when someone has been locked out of your site when the following feature Enable Login Lockdown Feature is enabled.

ERROR: Access from your IP address has been blocked for security reasons. Please contact the administrator.

Solution: (Provided by wpsolutions in the forum)

– manually deactivate this plugin via FTP or log into your server and temporarily rename the plugin’s folder. Then once you are logged into your site, you can rename the folder back to it’s original name and unlock your self from the “Locked IP Addresses” tab in the aiowps dashboard menu.

OR,

1) If you have the login white list feature enabled? Try editing the .htaccess file manually and delete the block of code for that feature. (look for the markers “#AIOWPS_LOGIN_WHITELIST_START/END”)

2) Using PHPMyAdmin, go to the “aiowps_permanent_block” table and check if your IP address is listed in it. If it is delete that row.

3) Do the same as step 2) above for the table called “aiowps_login_lockdown“

Failed Login Records

Step 3 ) Go to WP Security -> User Login -> Failed Login Records. The following image displays a record from a failed login. This options helps keep track of what is going on on the back end of your website. You can choose to delete all obsolete records.

Failed Login Records Information

  • Login IP Range
  • User ID
  • Username
  • Date

all-in-one-wp-security-and-firewall-failed-login-record

Step 3-a ) The following image Export to CSV and Delete All Failed Login Records allow you to carry out the following options.

  • Export to a CSV file all login records.
  • You can delete all failed login records.

all-in-one-wp-security-and-firewall-export-delete-records

Troubleshooting Failed Login Records

Q1 How do I fix the following fatal error message when I go to view the failed login records?

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 90 bytes) in /sata1/home/users/malynrada/www/www.malyn-rada.gov.ua/wp-includes/wp-db.php on line 1889.

Solution: Check the following support thread for a possible solution.

Force Logout

Step 4 ) Go to WP Security -> User Login -> Force Logout. The following security option is very useful. If you don’t want your users to stay logged in for too long you can set the time here in minutes. I have set this up to 60 minutes “1 hour”.  This will add another 5 points score towards your security meter. (Basic Security Level)

all-in-one-wp-security-force-logout

Account Activity Logs

Step 5 ) Go to WP Security -> User Login -> Account Activity Logs tab to check all the activities for the WordPress admin accounts registered in your website.

  • You can export the log files into a CSV file.

Step 6 ) Go to WP Security -> User Login -> Current Logged In Users tab to check all the users that are currently logged into your website and allows you to Force Logout the user especially if you think or know it is a suspicious user. The following information is displayed for your purusal.

  • User ID = Force Logout
  • Login Name
  • IP Address

all-in-one-wp-security-logged-in

=============================

Click on the following link User Registration to continue configuring the plugins settings.

If you have any questions please let me know

Enjoy.

All In One WP Security & Firewall Tutorials List:

  • All In One WP Security And Firewall Plugin.
  • Tweet
Manuel Ballesta Ruiz is a web developer, Blogger and WordPress Enthusiast.
 Tagged with: login lockdown, Plugins, tutorial

 Leave a Reply Cancel reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

The following GDPR rules must be read and accepted:
This form collects your name, email and content so that we can keep track of the comments placed on the website. For more info check our privacy policy where you will get more info on where, how and why we store your data.

  All In One WP Security And Firewall Settings   All In One WP Security And Firewall Rules

Follow Me

Mbrsolution Facebook Manuel Ballesta Ruiz Google + Mbrsolution RSS Feed Mbrsolution Twitter

Spanish Blog

Blog in Spanish


Blog Español

Recent Posts

  • How To Backup Windows 10 Files
  • WordPress Affiliates Manager Admin Functions
  • WP Vantage Theme Secondary Menu
  • WP Vantage Theme Primary Menu
  • WP Vantage Theme Footer Menu

Recent Comments

  • Webmaster on All In One WP Security And Firewall Troubleshooting
  • Lewis Lorenz on All In One WP Security And Firewall Troubleshooting
  • Webmaster on WordPress Posts Text Formatting Alignment
  • Nelleke on WordPress Posts Text Formatting Alignment
  • Webmaster on Acer Wireless Adapter Qualcomm Atheros Windows 10 Issues

MailChimp Signup Form

Your information will be used to send you Blog updates. You can change your mind at any time by clicking the unsubscribe link at the bottom of any email that you receive from me. You can find details about mbrsolution privacy practices here.
Affiliate Link Manager
WordPress Membership Plugin
WP Shopping Cart
WP Lightbox Ultimate
WordPress Membership Plugin

Pages

  • About Mbrsolution
  • IT and SEO Support Rates
  • Links
  • Mbrsolution Blog
  • PC Tips and Tricks
  • Portfolio
  • Recommendation Tools For Windows
  • Resume
  • Sitemap
  • Testimonials
  • Virtualizing Applications
  • Website Design Tools
  • WordPress Web Design
  • WordPress Website Seo Management
  • WordPress Plugins Tutorials
  • WordPress Theme Tutorials

Tutorials

  • Android Tutorials
  • Facebook Tutorials
  • Gimp Tutorials Latest Version
  • Google Tutorials
  • PayPal Tutorials
  • Selling And Buying eBay Tutorials
  • YouVersion Bible Tutorials
  • WordPress Plugins Tutorials
  • WordPress Theme Tutorials

Buy Me Coffee!

If you find my site helpful and wish to buy me a cup of coffee. Money is used to help pay for hosting as well as other site needs and maintenance. Click on the following image. Thank you and enjoy my site.
Please Donate To Help My Site
© 2009 - 2018 Mbrsolution All Rights Reserved Please read the following:
Terms And Conditions

Privacy Policy

Disclaimer

Copyright Notice.

Mbrsolution Site Monitor
 Suffusion theme by Sayontan Sinha
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.AcceptRead more