Limiting Logins with All In One WP Security & Firewall

Posted on: Sep 28, 2014 | Category: Plugins, Users & Security | Comments: No comment

In this section of the guide to the All In One WP Security & Firewall plugin, we will take a look at Limiting Logins and Login Activity Logs.

Step 1) Log in to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to WP Security -> User Login.

This feature shows you how to tighten security for User Logins.

The options for this feature are shown below.

  • Login Lockdown

    One of the ways hackers try to compromise sites is via a Brute Force Login Attack. This is where attackers use repeated login attempts until they guess the password. This option provides you with various ways to deter hackers.

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/20 button displays the Security Points assigned to this. Since there are no options selected yet, the security points are set to 0/20.

    B. Enable Login Lockdown Feature: Place a check mark in this check box if you want to enable the login lockdown feature and apply the settings below.
    C. Allow Unlock Requests: Place a check mark in this check box if you want to allow users to generate an automated unlock request link which will unlock their account.
    D. Max Login Attempts: Set the value for the maximum login retries before the IP address is locked out. The default value is 3 login attempts.
    E. Login Retry Time Period (min): If the maximum number of failed login attempts for a particular IP address occurs within this time period the plugin will lock out that IP address. The default value is 5 minutes.
    F. Time Length of Lockout (min): Set the length of time for which a particular IP address will be prevented from logging in. The default value is 60 minutes.
    G. Display Generic Error Message: Place a check mark in this check box if you want to show a generic error message when a login attempt fails.
    H. Instantly Lockout Invalid Usernames: Place a check mark in this check box if you want to instantly lock out login attempts with usernames which do not exist on your system.
    I. Notify By Email: Place a check mark in this check box if you want to receive an email when someone has been locked out due to maximum failed login attempts. The default email address is the email address set up in Settings -> General. This field can be modified.
    J. Currently Locked Out IP Ranges: If any IP addresses have been locked out, they will be displayed here.

    Once the appropriate check boxes contain check marks as outlined above and the Save Settings button has been clicked, your security points score should now be 20/20.

  • Failed Login Records

    This option displays the failed login attempts for your site. The information displayed below can be handy if you need to do security investigations.

    Click the Delete All Failed Login Records button to clear the Failed Login Records list.

  • Force logout

    Setting an expiry period for your admin session is a simple way to protect against unauthorized access to your site from your computer. This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.

    A. Security Points Buttons: The Basic button displays the Feature Difficulty.

    The 0/5 button displays the Security Points assigned to this. Since there are no options selected yet, the security points are set to 0/5.

    B. Enable Force WP User Logout: Place a check mark in this check box if you want to force a WP user to be logged out after a configured amount of time (see text box below).

    C. Logout the WP User After XX Minutes: Enter a value in minutes after which the user will be forced to log back in. The default value is 60 minutes.

    Once the appropriate check box contains a check mark as outlined above and the Save Settings button has been clicked, your security points score should now be 5/5.

  • Account Activity Logs

    This option displays the login activity for WordPress admin accounts registered with your site. The information displayed below can be handy if you need to do security investigations because it will show you the most recent login events by username, IP address and time/date.

    A. Bulk Actions: Click the down arrow to the right of the dropdown box to select the Delete option.
    B. User ID Heading Row: Placing a check mark in this check box places a check mark for each user in the current view – marking them for deletion. You can also select one or more users individually by placing a check mark in the check box located in the User ID column beside the selected user. Select Delete from the dropdown list and click the Apply button to complete the deletion process.
    C. Page Navigation: Click the navigation arrows to move through the pages of the Account Activity Logs.

  • Logged In Users

    This option displays all users who are currently logged into your site. If you suspect that one or more users are logged in who should not be, you can block them by inspecting the IP addresses from the data below and adding them to your blacklist.

    Click the Refresh Data button to display an up-to-date list of all logged in users.

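How the Login Lockdown settings D, E and F interact can be seen by replaying failed-login records through a small model. This is an added example, not code from the plugin or from this guide; the class, the function and the sample records are constructed for illustration, and it assumes the lockout begins on the failure that reaches Max Login Attempts.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class LoginLockdown:
    """Model of settings D, E and F, using the defaults stated in the guide."""
    max_attempts: int = 3                               # D. Max Login Attempts
    retry_period: timedelta = timedelta(minutes=5)      # E. Login Retry Time Period
    lockout_length: timedelta = timedelta(minutes=60)   # F. Time Length of Lockout
    failures: dict = field(default_factory=dict)        # ip -> recent failure times
    locked_until: dict = field(default_factory=dict)    # ip -> lockout expiry

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip, datetime.min)

    def record_failure(self, ip, now):
        """Register one failed login; return True if the IP is locked out."""
        if self.is_locked(ip, now):
            return True
        # Keep only failures that fall inside the retry period ending now.
        recent = [t for t in self.failures.get(ip, []) if t > now - self.retry_period]
        recent.append(now)
        self.failures[ip] = recent
        # Assumption: the lockout starts on the failure that reaches the maximum.
        if len(recent) >= self.max_attempts:
            self.locked_until[ip] = now + self.lockout_length
            self.failures[ip] = []
            return True
        return False

def replay(records, policy=None):
    """Replay (timestamp, ip, username) rows in time order; return new lockouts."""
    policy = LoginLockdown() if policy is None else policy
    lockouts = []
    for stamp, ip, _user in sorted(records):
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        already = policy.is_locked(ip, now)
        if policy.record_failure(ip, now) and not already:
            lockouts.append((ip, str(now), str(policy.locked_until[ip])))
    return lockouts

# Constructed failed-login records (documentation-range IPs), not real data.
SAMPLE_RECORDS = [
    ("2014-09-28 10:00:00", "203.0.113.7", "admin"),
    ("2014-09-28 10:01:10", "203.0.113.7", "admin"),
    ("2014-09-28 10:02:30", "203.0.113.7", "admin"),    # 3rd within 5 min
    ("2014-09-28 10:30:00", "203.0.113.7", "admin"),    # inside the lockout
    ("2014-09-28 10:00:00", "198.51.100.20", "editor"),
    ("2014-09-28 10:04:00", "198.51.100.20", "editor"),
    ("2014-09-28 10:06:00", "198.51.100.20", "editor"), # 10:00 has aged out
]
```

With the default values only 203.0.113.7 is locked out; the second address never has three failures inside a single five-minute period, so its counter never reaches the maximum.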

The next step in the guide will focus on the User Registration feature.

 

