Mbrsolution

Web Developing / Computer Repairs Brisbane
  • Home
  • Blog
  • Comment subscriptions
  • Contact Mbrsolution
  • Search My Site
  • Web Tutorials
    • Joomla Tutorials
    • KompoZer Tutorials
    • WordPress CMS Tutorials
      • WordPress Plugins Tutorials
        • WordPress Fast Secure Contact Form Plugin
        • WP CataBlog Plugin Tutorials
      • WordPress Theme Tutorials
        • Template Toaster Software WordPress
        • Suffusion Theme Tutorials
  • WordPress Web Site Design
Home » Security » All In One WP Security And Firewall User Login

All In One WP Security And Firewall User Login

 Security
Aug 092014
 

All In One WP Security And Firewall User Login helps you setup the following options login lockdown, force logout, login retry and much more.

Last Updated: September 8, 2022

Latest News: Updated the documentation.

User login is important to sites for administrators. It is also import if you allow user registration via WP Users. This at the same time allows hackers to attack the login page via brute force. In the login page, the attackers will attempt to repeat the login by trying to guess the password. They will carry out this action until they succeed. This is considered a brute force attack. By enabling all or some of the following features in the plugin you will reduce and stop these forced attacks.

Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks. Remember that constant attempts are you login page will also affect your servers performance.

Note: Currently the plugin does not support IPV6 addresses for login lock down. Please read the following forum post. This is something the developers are currently working on.

What you need:

  • All In One WP Security And Firewall

All In One WP Security And Firewall User Login

Step 1 ) Go to WP Security -> User Login admin tab as illustrated in the image below.

aiowps-user-login-admin-sidebar-menu

User Login

Step 2 ) The following image User Login allows you to set up the following login settings.

Note: Go to WP Security -> Dashboard -> Locked IP Addresses tab to see any IP addresses which is temporarily locked out due to the Login Lockdown feature.

User Login Settings

  • Login Lockdown
  • Failed Login Records
  • Force Logout
  • Account Activity Logs
  • Logged In Users
  • Additional Settings

all-in-one-wp-security-and-firewall-user-login-tabs

Login Lockdown

Step 3 ) Go to WP Security -> User Login -> Login Lockdown to set up the following options. See image below.

This will add another 20 points score towards your security meter. (Basic Security Level)

Login Lockdown Part 1

  • Enable Login Lockdown Feature
  • Allow Unlock Requests
  • Max Login Attempts = If you get too many lockouts from your users login in, then you might consider enabling Allow Unlock Request.
  • Login Retry Time Period (min)
  • Time Length of Lockout (min)

Remember: Always check your Account Activity Logs and Logged In Users to know more about what’s happening on your sites admin panel. Checking Logged In Users can be handy. If anyone is logged in, you can notify them if you are going to carry out any updating on your site. 

Step 3-a ) The following image allows you to set up the following options.

Login Lockdown Part 2

  • Display Generic Error Message = Check the following steps Step 3-b ) and Step 3-c ) below for more information.
  • Instantly Lockout Invalid Usernames
  • Instantly Lockout Specific Usernames = In this example the following usernames have been added to the list admin, www, bpm-go, bpmgo. This features comes in handy when you keep getting too many strange usernames trying to log into your site.
  • Notify By Email
  • Click on Save Settings button once you have completed the settings.

WordPress Default Error Message

Step 3-b ) The following image displays WordPress default error message.

all-in-one-wp-security-log-in-default-error-messageStep 3-c ) The following image displays a generic message when the following feature Display Generic Error Message is enabled.

all-in-one-wp-security-log-in-generic-error-message

FAQ WordPress Default Error Message

Q1 Is there a way to customize the default error message displayed by WordPress?

Answer: Yes you should be able too by using the wordpress core filter for the errors. Check the following support thread for the solution.

Lost your password link

AIOWPS plugin does a great job at also protecting the Lost your password? link. If you are using one of the Brute Force features to rename the login URL, you must use the URL with the secret word to reset your password. If you don’t you will see an error message displayed on the screen. Also, the email sent to your inbox will also have the correct reset link as long as the person resetting the password is an administrator with administrative privileges.

================================

Login Lockdown IP Whitelist Settings

Step 3-d ) Go to WP Security -> User Login -> Login Lockdown -> Login Lockdown IP Whitelist Settings as illustrated in the image below to set up the following options.

Login Lockdown IP Whitelist Settings

  • Enable Login Lockdown IP Whitelist
  • Enter Whitelisted IP Addresses
  • Click on Save Settings button once you have completed the settings.

all-in-one-wp-security-and-firewall-user-login-login-lockdown

Troubleshooting Login Lockdown

The following error message is displayed when someone has been locked out of your site when the following feature Enable Login Lockdown Feature is enabled.

ERROR: Access from your IP address has been blocked for security reasons. Please contact the administrator.

Solution: (Provided by wpsolutions in the forum)

– manually deactivate this plugin via FTP or log into your server and temporarily rename the plugin’s folder. Then once you are logged into your site, you can rename the folder back to it’s original name and unlock your self from the “Locked IP Addresses” tab in the aiowps dashboard menu.

OR,

1) If you have the login white list feature enabled? Try editing the .htaccess file manually and delete the block of code for that feature. (look for the markers “#AIOWPS_LOGIN_WHITELIST_START/END”)

2) Using PHPMyAdmin, go to the “aiowps_permanent_block” table and check if your IP address is listed in it. If it is delete that row.

3) Do the same as step 2) above for the table called “aiowps_login_lockdown“

Failed Login Records

Step 4 ) Go to WP Security -> User Login -> Failed Login Records. The following image displays a record from a failed login. This options helps keep track of what is going on on the back end of your website. You can choose to delete all obsolete records.

Failed Login Records Information

  • Login IP Range
  • User ID
  • Username
  • Date

all-in-one-wp-security-and-firewall-failed-login-record

Step 4-a ) The following image Export to CSV and Delete All Failed Login Records allow you to carry out the following options.

  • Export to a CSV file all login records.
  • You can delete all failed login records.

all-in-one-wp-security-and-firewall-export-delete-records

Troubleshooting Failed Login Records

Q1 How do I fix the following fatal error message when I go to view the failed login records?

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 90 bytes) in /sata1/home/users/malynrada/www/www.malyn-rada.gov.ua/wp-includes/wp-db.php on line 1889.

Solution: Check the following support thread for a possible solution.

==========

Q2 Why do I see the following username [login] instead of a name?

Solution: This can happen if you are using cloudflare or a similar service and set up the wrong server variable. Check the following support thread for more information.

FAQ Failed Login Records

Q1 Is there a way to delete all failed login records from all the sites on a multi-site network at once?

Answer: Short answer is no there isn’t. But there is a filter hook which controls how many rows are kept in the aiowps_failed_logins table. Please check the following support thread for more information.

================================

Force Logout

Step 5 ) Go to WP Security -> User Login -> Force Logout. The following security option is very useful. If you don’t want your users to stay logged in for too long you can set the time here in minutes. In this example the time is set to 60 minutes “1 hour”.

This will add another 5 points score towards your security meter. (Basic Security Level)

Force Logout Options

  • Enable Force WP User Logout:
  • Logout the WP User After XX Minutes:
  • Click on Save Settings button once you have completed the settings.

all-in-one-wp-security-force-logout-options

Account Activity Logs

Step 6 ) Go to WP Security -> User Login -> Account Activity Logs tab to check the activities for users registered and have logged into your website.

Account Activity Logs Options

  • You can search through the list of logged users.
  • You can select a number of users and delete them from the list.

all-in-one-wp-security-and-firewall-account-activity-logs

Step 6-a ) The following image Export to CSV allows you to export the log file into a csv file. This can be very handy to use when you need to investigate the loggings.

Account Activity Logs Options

  • You can export the log file into a CSV file by clicking on Export to CSV button.

all-in-one-wp-security-and-firewall-account-activity-logs-export-csv

Logged In Users

Step 7 ) Go to WP Security -> User Login -> Current Logged In Users tab to check all the users that are currently logged into your website and allows you to Force Logout the user especially if you think or know it is a suspicious user. The following information is displayed for your perusal.

  • User ID = Force Logout
  • Login Name
  • IP Address

all-in-one-wp-security-logged-in

Troubleshooting Logged In Users

Q1 When I log into my site, I see the same logged in user twice. Why is that?

Solution: Check the following support thread for a possible solution.

Additional Settings

Step 8 ) Go to WP Security -> User Login -> Additional Settings tab to manage the application password option in the site.

This will add another 10 points score towards your security meter. (Basic Security Level)

Additional Settings Options

  • Disable Application Password.
  • Click on Save Settings button once you have completed the settings.

all-in-one-wp-security-and-firewall-user-login-additional-settings-tab

=============================

Click on the following link User Registration to continue configuring the plugins settings.

If you have any questions please let me know

Enjoy.

All In One WP Security & Firewall Plugin Tutorial List

  • All In One WP Security And Firewall Plugin.

Share this post:

Share on Twitter Share on Facebook Share on Pinterest Share on LinkedIn Share on Email
I have been working in IT since 1999 and I enjoy the challenges it brings me. I love developing websites with WordPress. I spend a lot of time helping out in wordpress.org forums. I have been writing tutorials since 2011. Now I am learning how to manage my own VPS "Virtual Private Server.
 Tagged with: login lockdown, Plugins, tutorial

 Leave a Reply Cancel reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

ten + eight =

  All In One WP Security And Firewall Settings   All In One WP Security And Firewall Rules

Follow Me

Mbrsolution Facebook Mbrsolution RSS Feed Mbrsolution Twitter

Spanish Blog

Blog in Spanish


Blog Español

Recent Posts

  • Translate Simple Membership Using Loco Translate
  • The SEO Framework Webmaster Meta Settings
  • WP The SEO Framework Schema Settings
  • AIOWPS Two Factor Auth Settings
  • WP Simple Membership Blacklisting and Whitelisting

Recent Comments

  • Webmaster on CCleaner Options Settings
  • Nancy Brassert on CCleaner Options Settings
  • Webmaster on WordPress Simple Membership Email Settings
  • Nuu on WordPress Simple Membership Email Settings
  • Webmaster on ClassiPress WordPress Theme Customize Footer Area
Your information will be used to send you Blog updates. You can change your mind at any time by clicking the unsubscribe link at the bottom of any email that you receive from me. You can find details about mbrsolution privacy practices here.

Advertisements

Premium WordPress Apps

Pages

  • About Mbrsolution
  • Blog
  • Comment subscriptions
  • IT and SEO Support Rates
  • Links
  • PC Tips and Tricks For Windows OS
  • Portfolio
  • Recommended Tools For Windows OS
  • Resume
  • Sitemap
  • Testimonials
  • Website Design Tools And Utilities
  • WordPress Web Site Design
  • WordPress Websites SEO Management
  • WordPress Plugins Tutorials
  • WordPress Theme Tutorials

Tutorials

  • Comment subscriptions
  • Facebook Security Tutorials
  • Gimp Tutorials Latest Version 2.10.30
  • Google Tutorials
  • How To Operate An Android Smartphone
  • PayPal Tutorials
  • Selling And Buying eBay Tutorials
  • YouVersion Bible Tutorials
  • WordPress Plugins Tutorials
  • WordPress Theme Tutorials

Buy Me Coffee!

If you find my site helpful, you can buy me a cup of coffee. Click on the following image.
Thank you for your visit, enjoy my site.
© 2009 - 2023 Mbrsolution All Rights Reserved Please read the following:

Terms And Conditions

Privacy Policy

Disclaimer

Copyright Notice.

Suffusion theme by Sayontan Sinha
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT