Aug 07 2014
 

The Brute Force section of All In One WP Security And Firewall helps you protect your login with features such as rename login page, cookie based brute force prevention, login captcha and more.

Last Updated: May 16, 2019

Latest News: I updated the documentation.

Everybody knows how important it is to add very good security to your website login. Enabling one of the brute force login features in the plugin will increase your security and peace of mind.

What is a brute-force attack? A brute force attack consists of an attacker trying many passwords or passphrases in the hope of eventually guessing your password correctly. Having a complex, unique login name for your website login page will definitely make it very hard for hackers to crack. If you have not enabled this feature, I highly recommend that you do so as soon as possible.

You might like to read more about brute force attacks from the following URL wiki Brute-force_attack.

All In One WP Security And Firewall Brute Force

Step 1 ) Click on WP Security -> Brute Force to set up the following options. See images below.

Brute Force Features

  • Rename Login Page
  • Cookie Based Brute Force Prevention
  • Login Captcha
  • Login Whitelist
  • Honeypot

[Image: All In One WP Security And Firewall Brute Force]

Rename Login Page

Step 2 ) Go to WP Security -> Brute Force -> Rename Login Page to set up the following options.

Rename Login Page Hooks

  1. This hook, added to your functions.php file, allows you to redirect to a 404 error page URL instead of a 403 WordPress error message. Click here to learn more.
  2. This hook, added to your functions.php file, allows you to redirect to a page of your choice. Click here to learn more.

Rename Login Page

  • Enable Rename Login Page Feature
  • Login Page URL
  • Click on Save Settings button when you finish setting up this feature.

Using this feature will add another 10 points to your security meter score. (Intermediate Security Level)

Note: If you are using a cache plugin, you need to exclude the login page from being cached.

[Image: All In One WP Security Brute Force Rename Login Page settings]

Troubleshooting Rename Login Page

Step 2-a ) If you add a character that is not allowed by the plugin security you will see the following message at the top of the page.

Attention!
You must use alpha numeric characters for your login page slug.

Step 2-b ) If you have the WordPress plain permalink structure enabled on your site, you will see a ? added to the URL. It will look like this: yoursite.com/?your secret name. By selecting another permalink or a custom structured permalink, your URL will change to yoursite.com/your secret name without the ? added.

Rename Login Page Questions

Q1: How do I configure the rename login page url to redirect to WooCommerce accounts page?

Solution 1: Read the following support thread. It shows you the function you can add in your theme functions.php file. This will redirect to the WooCommerce accounts page.

Q2: Why, when enabling the rename login page feature, does the AIOWPS plugin change the language string translations for the standard WordPress login page?

Solution 1:  When you use the rename login page feature, the “login page” output strings are not coming from the standard wp-login.php file but instead come from a file inside the aiowps plugin. That file is called wp-security-rename-login-feature.php which resides in the “other-includes” directory of this plugin. Hence the reason for the translations being required.

===============================

Cookie Based Brute Force Login Prevention

Step 3 ) Go to WP Security -> Brute Force -> Cookie Based Brute Force Login Prevention to set up the following options. See image below.

Note: If you are using cache in your site you can exclude the cookie from being cached. Find the cookie name by looking in your DB and finding the option_name called “aio_wp_security_configs”. Inside there look for the “aiowps_cookie_brute_test” and get the cookie name.

Cookie Based Features

  • Enable Brute Force Attack Prevention
  • Secret Word
  • Re-direct URL = Note: You can add a custom URL in this field. This is a good idea if you wish to share some personal message to those trying to hack your site.
  • My Site Has Posts Or Pages Which Are Password Protected
  • My Site Has  Theme or Plugin Which Use Ajax
  • Click on Save Feature Settings button once you have completed your set up.

This will add another 20 points score towards your security meter. (Intermediate Security Level)

[Image: All In One WP Security Cookie Based Brute Force settings]

===============================

Login Form / Registration Form / Comment Captcha

Step 4 ) For login captcha and other captcha forms, click on the following URL Captcha Settings to learn more.

===============================

Login Whitelist

Step 5 ) Go to WP Security -> Brute Force -> Login Whitelist  to set up the following options.

Login Whitelist Options

  • Enable IP Whitelisting
  • Your Current IP Address
  • Enter Whitelisted IP Addresses
  • Added IPv6 support for the whitelist feature (Added in version 4.0.2)
  • Click on Save Settings button once you have completed your set up.

This will add another 15 points score towards your security meter. (Intermediate Security Level)

[Image: All In One WP Security Login Whitelist settings]

===============================

Honeypot

Step 6 ) Go to WP Security -> Brute Force -> Honeypot to set up the following option. The following image allows you to set up Login Form Honeypot Settings. (Added in version 3.7.8) (Fixed in version 3.8.1 and 3.8.2)

  • Enable Honeypot on Login Page
  • Click on Save Settings button once you have completed your set up.

This will add another 10 points score towards your security meter. (Intermediate Security Level)

[Image: All In One WP Security Honeypot settings]

================================

Troubleshooting Brute Force

Q1: Any way to retrieve the changed login page from DB or WordPress files?

Answer 1 = If you’re referring to the rename login page, it is stored in the WordPress options table. (Solution provided by wpsolutions in the forum)

Look for the row with “aio_wp_security_configs” and then look inside the option_value field and find the parameter “aiowps_login_page_slug” which should have the value following it.
Similarly, if you are referring to the cookie based brute force feature, it is the same as above except you will look for the “aiowps_brute_force_secret_word” parameter to get the value.

Note: for rename login page if you have permalinks enabled your login URL will look like: yoursite.com/secret_slug

If permalinks are set to plain

  • For rename login page feature: yoursite.com/?secret_slug
  • For cookie based feature: yoursite.com/?secret_slug=1
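
The recovery steps above can be scripted once you have the option_value string. This is an added example, not code from the plugin or from the forum answer. It assumes the settings are stored as a PHP-serialized array, the way WordPress stores any array option; the helper name recover_login_urls, the sample values and yoursite.com are made up for illustration.

```php
<?php
// Added example. In practice $option_value comes from a query such as
//   SELECT option_value FROM wp_options WHERE option_name = 'aio_wp_security_configs';
// ("wp_" is the default table prefix; yours may differ).
// Constructed sample row, built with serialize() on the assumption that the
// settings array is stored the way WordPress stores any array option.
$option_value = serialize([
    'aiowps_login_page_slug'         => 'secret_slug',
    'aiowps_brute_force_secret_word' => 'secret_word',
]);

// Hypothetical helper, not part of the plugin.
function recover_login_urls(string $option_value, string $site, bool $plain_permalinks): array
{
    // Data read back from a database or a dump must never instantiate objects.
    $configs = @unserialize($option_value, ['allowed_classes' => false]);
    if (!is_array($configs)) {
        throw new InvalidArgumentException('option_value is not a serialized array');
    }

    $urls = [];
    $slug = $configs['aiowps_login_page_slug'] ?? '';
    if (is_string($slug) && $slug !== '') {
        // Plain permalinks put the slug in the query string, otherwise in the path.
        $urls['rename_login_page'] = $plain_permalinks ? "$site/?$slug" : "$site/$slug";
    }
    $word = $configs['aiowps_brute_force_secret_word'] ?? '';
    if (is_string($word) && $word !== '') {
        // Form given above for plain permalinks; assumed unchanged with other
        // permalink settings because it is already a query string.
        $urls['cookie_based'] = "$site/?$word=1";
    }
    return $urls;
}

foreach ([true, false] as $plain) {
    echo $plain ? "Plain permalinks:\n" : "Custom permalinks:\n";
    foreach (recover_login_urls($option_value, 'yoursite.com', $plain) as $feature => $url) {
        echo "  $feature: $url\n";
    }
}
```

Passing allowed_classes => false keeps unserialize() from creating objects if the row or the dump has been tampered with.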

================================

That is how simple it is to set up the Brute Force features in the plugin.

If you have any questions please let me know.

Enjoy.

All In One WP Security & Firewall Plugin Tutorial List

Manuel Ballesta Ruiz is a web developer, Blogger and WordPress Enthusiast.
