Configuring Login Security Solution For a More Secure Website

Posted on: Aug 20, 2014 | Category: Plugins | Comments: No comment

In this section of the guide to the Login Security Solution plugin, we will take a look at setting up the options to get the most out of this plugin.

Step 1) Log in to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to Settings -> Login Security Solution.

Login Failure Policies

This plugin offers a 3-Tiered approach to deter potential attackers. The theory behind this approach is for the responses to take so long that the attackers give up and go find an easier target.

A. Match Time: How far back, in minutes, should login failures look for matching data? The data from these login failures is saved and compared against previous login failures. The default value is 120 minutes. 0 disables this feature (not recommended).
B. Delay Tier 2: How many matching login failures should it take to get to Delay Tier 2? The default value is 5 failed logins.
C. Delay Tier 3: How many matching login failures should it take to get to Delay Tier 3? The default value is 10 failed logins.
D. Notifications To: When the number of failed logins reaches the values assigned above, an email or emails will be sent to the email addresses entered in this text box notifying them of the breach. To send to more than one email address, place a comma between the email addresses. If no email address is entered, WordPress will send to the email address in the Settings -> General area.
E. Failure Notification: Notify the Administrator after x number of login failures. The default value is 50 failed logins. 0 disables this feature (not recommended). WordPress will send an email to the email address in the Settings -> General area notifying the Administrator of the breach.
F. Multiple Failure Notifications: Should multiple failure notifications be emailed to the Administrator?
The available options are:

  • No, just notify them the first time that x matching login failures happen.
  • Yes, notify them upon every x matching login failures.
G. Breach Notification: Notify the Administrator if a successful login uses data matching x login failures. The default value is 6. 0 disables this feature (not recommended).
H. Breach Email Confirm: If a successful login uses data matching x login failures, immediately log the user out and require them to use the WordPress lost password process. The default value is 6. 0 disables this feature (not recommended).
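
To see how these thresholds interact, here is a small Python model added for this guide (it is not the plugin's own code). It assumes a failure "matches" when it shares an IP address or username with the current attempt and that the count includes the current failure; the page does not define matching or the delay lengths, so the model returns only the tier number.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Policy:
    # Defaults are the values listed on this page.
    match_time_min: int = 120    # A. Match Time (0 disables)
    tier2: int = 5               # B. Delay Tier 2
    tier3: int = 10              # C. Delay Tier 3
    notify_at: int = 50          # E. Failure Notification (0 disables)
    notify_every: bool = False   # F. Multiple Failure Notifications
    breach_at: int = 6           # G. Breach Notification (0 disables)
    breach_confirm_at: int = 6   # H. Breach Email Confirm (0 disables)

def matching_failures(failures, attempt, now, policy):
    """Count stored failures inside the Match Time window that share a field
    with this attempt. Matching on ip OR user is an assumption of this model."""
    if policy.match_time_min == 0:
        return 0
    cutoff = now - timedelta(minutes=policy.match_time_min)
    return sum(1 for f in failures
               if f["time"] >= cutoff
               and (f["ip"] == attempt["ip"] or f["user"] == attempt["user"]))

def on_failure(failures, attempt, now, policy=Policy()):
    """Record a failed login; return (delay tier, whether to email the admin)."""
    failures.append({**attempt, "time": now})
    n = matching_failures(failures, attempt, now, policy)
    tier = 3 if n >= policy.tier3 else 2 if n >= policy.tier2 else 1
    notify = False
    if policy.notify_at and n:
        notify = (n % policy.notify_at == 0) if policy.notify_every else (n == policy.notify_at)
    return tier, notify

def on_success(failures, attempt, now, policy=Policy()):
    """Actions for a successful login that follows matching failures."""
    n = matching_failures(failures, attempt, now, policy)
    actions = []
    if policy.breach_at and n >= policy.breach_at:
        actions.append("notify_admin")
    if policy.breach_confirm_at and n >= policy.breach_confirm_at:
        actions.append("force_password_reset")
    return actions

if __name__ == "__main__":
    # Constructed sample: ten failures, one minute apart, from one address.
    t0, log = datetime(2014, 8, 20, 12, 0), []
    who = {"ip": "203.0.113.7", "user": "admin"}
    print([on_failure(log, who, t0 + timedelta(minutes=i))[0] for i in range(10)])
    print(on_success(log, who, t0 + timedelta(minutes=10)))
```

Failures older than Match Time drop out of the count, so shortening that window also weakens the breach checks in G and H.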

Password Policies

A. Length: How long should the passwords be? The default value is 10.
B. Complexity Exemption: How long should the passwords be to be exempt from the complexity requirements? The default value is 20.
C. Aging: How many days old can a password be before requiring it be changed? The default value is 0 (not recommended). 0 disables this feature.
D. Grace Period: How many minutes should a user have to change their password once they know it has expired? The default value is 15 minutes. This value must be >= 5 minutes.
E. History: How many passwords should be remembered? This prevents re-using old passwords. The default value is 0, which disables this feature (not recommended).

Miscellaneous Policies

A. Idle Timeout: When your WordPress session has had no activity in x minutes, the session will close and you will automatically be logged out. The default value is 15 minutes. 0 disables this feature (not recommended).
B. Maintenance Mode: From time to time an Administrator will need to log in and perform maintenance. During this time, non-admin users can be stopped from logging in and posting comments depending on the following selection:

  • Off, let all users log in.
  • On, disable comments and only let Administrators log in.
C. Deactivation: During the course of using WordPress, plugins may need to be removed. This feature offers you the ability to remove all of the plugin’s data and settings upon deactivation depending on the following selection:

  • No, preserve the data for future use.
  • Yes, delete the damn data.

Click the Save Changes button.

That’s it! The login, password and session policies you selected are now in effect on your WordPress site.

 

