How to Configure Brute Force Protection with All In One WP Security & Firewall

Posted On: Sep 20, 2014 | Category: Plugins, Users & Security | Comments: No comment

In this section of the guide to the All In One WP Security & Firewall plugin, we will walk you through configuring Brute Force Protection.

Step 1) Log in to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to WP Security -> Brute Force.

An effective Brute Force prevention technique is to change the default WordPress login page URL. Normally, if you want to log in to WordPress, you would type your site’s home URL followed by wp-login.php.

This feature allows you to change the login URL by setting your own slug, renaming the last portion of the login URL, which contains wp-login.php, to any string that you like. By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.

The options for this feature are shown below.

  • Rename Login Page

    A. Security Points Buttons: The Intermediate button displays the Feature Difficulty.

    The 0/10 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/10.

    B. Enable Rename Login Page Feature: Place a check mark in this check box if you want to enable the rename login page feature.
    C. Login Page URL: In the text box, enter a page URL.

    Once a check mark is placed in the check box, a new URL is entered and the Save Settings button is clicked, the security points will be assigned the full value.

  • Cookie Based Brute Force Prevention

    A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.

    Because there may be many concurrent login attempts occurring on your site at any one time via malicious automated robots, this also has a negative impact on your server’s memory and performance.

    This feature will stop the majority of Brute Force Login Attacks at the .htaccess level, thus providing even better protection for your WP login page and also reducing the load on your server, because the system does not have to run PHP code to process the login attempts.

    Note: Even though this feature should not have any impact on your site’s general functionality you are strongly encouraged to make a back-up copy of your .htaccess file before proceeding. If this feature is not used correctly, you can get locked out of your site.

    A. Security Points Buttons: The Advanced button displays the Feature Difficulty.

    The 0/20 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/20.

    B. Enable Brute Force Attack Prevention: Place a check mark in this check box if you want to protect your login page from Brute Force Attack.
    C. Secret Word: Enter a secret word in the text box consisting of alphanumeric characters which you can use to access your special URL. You are highly encouraged to choose a word which will be difficult to guess.
    D. Re-direct URL: Enter a URL to re-direct a hacker to when they try to access your WordPress login page.
    E. My Site Has Posts Or Pages Which Are Password Protected: Place a check mark in this check box if you are using the native WordPress password protection feature for some or all of your blog posts or pages.

    Once a check mark is placed in each check box, the text boxes are completed and the Perform Cookie Test button is clicked, the security points will be assigned the full value.

  • Login Captcha

    This feature allows you to add a captcha form on the WordPress login page. Users who attempt to log in will also need to enter the answer to a simple mathematical question – if they enter the wrong answer, the plugin will not allow them to log in even if they entered the correct username and password.

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/20 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/20.

    B. Enable Captcha On Login Page: Place a check mark in this check box if you want to insert a captcha form on the login page.
    C. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/10 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/10.

    D. Enable Captcha On Lost Password Page: Place a check mark in this check box if you want to insert a captcha form on the lost password page.

    Once a check mark is placed in each check box and the Save Settings button is clicked, the security points will be assigned the full value.

  • Login Whitelist

    The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page. The plugin achieves this by writing the appropriate directives to your .htaccess file.

    A. Security Points Buttons: The Intermediate button displays the Feature Difficulty.

    The 0/15 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/15.

    B. Enable IP Whitelisting: Place a check mark in this check box if you want to enable the whitelisting of selected IP addresses specified in the settings below.
    C. Your Current IP Address: You can copy and paste this address in the text box below if you want to include it in your login whitelist.
    D. Enter Whitelisted IP Addresses: Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.

    Once the check box contains a check mark and the Save Settings button is clicked, the security points will be assigned the full value.

  • Honeypot

    This feature allows you to add a special hidden honeypot field on the WordPress login page. This will only be visible to robots and not humans. Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field.

    If the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address.

    A. Security Points Buttons: The Intermediate button displays the Feature Difficulty.

    The 0/10 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/10.

    B. Enable Honeypot On Login Page: Place a check mark in this check box if you want to enable the honeypot feature for the login page.

    Once the check box contains a check mark and the Save Settings button is clicked, the security points will be assigned the full value.
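
The cookie gate described under Cookie Based Brute Force Prevention, modeled in Python as an added example (it is not the plugin's code or its .htaccess rules). The secret word, cookie name, redirect target and the `/?<secret word>=1` form of the special URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed settings for this model; none of these values come from the plugin.
SECRET_WORD = "k7Qz2mVx9"           # constructed sample secret word
REDIRECT_URL = "http://127.0.0.1"   # constructed sample re-direct URL
GATE_COOKIE = "login_gate"          # hypothetical cookie name
LOGIN_PATH = "/wp-login.php"

def gate(url, cookies, password_protected_posts=False):
    """Decide what a cookie gate in front of the login page does with one request.

    Returns ("set-cookie", name), ("allow", reason) or ("redirect", target).
    """
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    # Assumed special-URL form: <site>/?<secret word>=1 hands out the cookie.
    if query.get(SECRET_WORD) == ["1"]:
        return ("set-cookie", GATE_COOKIE)
    if parts.path != LOGIN_PATH:
        return ("allow", "not the login page")
    # The gate only checks that the cookie is present; it does not authenticate.
    if GATE_COOKIE in cookies:
        return ("allow", "gate cookie present")
    # WordPress submits post passwords to wp-login.php?action=postpass, so
    # visitors without the cookie need this exemption to unlock such posts.
    if password_protected_posts and query.get("action") == ["postpass"]:
        return ("allow", "post password form")
    return ("redirect", REDIRECT_URL)

def replay(requests, password_protected_posts=False):
    """Run a sequence of requests for one client, keeping cookies between them."""
    cookies, outcomes = {}, []
    for url in requests:
        action, detail = gate(url, cookies, password_protected_posts)
        if action == "set-cookie":
            cookies[detail] = "1"
        outcomes.append(action)
    return outcomes

if __name__ == "__main__":
    site = "https://example.test"   # constructed sample site
    print(replay([site + "/wp-login.php"]))
    print(replay([site + "/?" + SECRET_WORD + "=1", site + "/wp-login.php"]))
```

Requests that pass the gate still reach the normal WordPress login form, so the username and password check applies as before.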

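A pre-flight check for the Login Whitelist settings, added here as an example and not taken from the plugin: it flags entries that do not parse and reports whether your current IP address is covered before you save. The entry formats (single address, CIDR range, trailing `*` range), the `min_prefix` threshold and the sample addresses are assumptions; use the format the plugin's settings page documents.

```python
import ipaddress

# Constructed sample whitelist (documentation address ranges, one entry per line).
SAMPLE_WHITELIST = """\
203.0.113.10
198.51.100.0/24
192.0.2.*
10.0.0.300
10.0.0.0/8
"""

def to_network(entry):
    """Turn one entry (address, CIDR range or trailing-* range) into a network."""
    parts = entry.split(".")
    if "*" in parts and len(parts) == 4:
        fixed = parts[:parts.index("*")]
        # Only trailing wildcards are accepted, e.g. 192.0.2.* or 192.0.*.*
        if not fixed or any(p != "*" for p in parts[len(fixed):]):
            raise ValueError(entry)
        entry = ".".join(fixed + ["0"] * (4 - len(fixed))) + "/%d" % (8 * len(fixed))
    return ipaddress.ip_network(entry, strict=False)

def audit_whitelist(text, current_ip, min_prefix=16):
    """Report unparseable entries, IPv4 entries wider than /min_prefix, and the
    entries that cover current_ip. No covering entry means a lockout."""
    addr = ipaddress.ip_address(current_ip)
    report = {"rejected": [], "too_broad": [], "covers_you": []}
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        try:
            net = to_network(entry)
        except ValueError:
            report["rejected"].append(entry)
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            report["too_broad"].append(entry)
        if addr.version == net.version and addr in net:
            report["covers_you"].append(entry)
    report["locked_out"] = not report["covers_you"]
    return report

if __name__ == "__main__":
    for ip in ("198.51.100.77", "192.0.2.200", "203.0.113.11"):
        print(ip, audit_whitelist(SAMPLE_WHITELIST, ip))
```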

The next step in the guide will focus on the SPAM Prevention feature.

 

