As part of my ongoing experience with WordPress, from time to time I’m going to take a moment to highlight WordPress plugins that I think are absolutely invaluable for any WordPress-hosted site.
Today I’m going to focus on Chap Secure Login and Login LockDown, both of which serve to tighten security for logging into the WordPress admin console.
Chap Secure Login helps to secure your login credentials to the WordPress admin console by first requesting a random key from the server. The client then uses that key to encrypt the admin username and password. Once the encrypted username and password are received, the server confirms whether or not the hash is valid and then grants or denies access to the session.
It’s quick, easy to install, and doesn’t appear to cause any slowness in logging in. It’s a no-brainer to install this plugin.
Login LockDown is another security-related plugin that, essentially, blocks logins from offending IP ranges if they produce more than a defined number of bad login attempts. Here’s the plugin’s summary from the author’s website:
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
Again, this is another plugin that quick, easy to install, and causes no slowdown that I’ve been able to perceive. Another no-brainer for your WordPress site.
