Smart Security Tools: Login Limit Addon

Smart Security Tools: Login Limit Addon
Buy on CodeCanyon for $15

Extended license price: $75.00

This plugin has been purchased 29 times so far.

Plugin released on:
August 24, 2014

Plugin last updated on:
March 7, 2016

Tags: ban ip, blocked usernames, brute force, honeypot, limit login, login form, security, security tools, temporary ban

Changelog

Version 2.0 / 2015.03.17.

  • Added: Log all failed cookie username and hash login attempts
  • Added: Login limit now based login failed and honeypot events
  • Added: Blocked usernames now based login failed and honeypot events
  • Added: Blocked usernames now hooks into login failed action
  • Added: Login honeypot message about feature limitation
  • Updated: Addon requires Smart Security Tools 2.8
  • Updated: Login honeypot disabled when addon is installed first
  • Updated: Few minor improvements and changes
  • Fix: Counting events for ban was using wrong current date
  • Fix: Honeypot field now only shows on wp-login.php

Version 1.0 / 2014.08.24.

  • First release

This is NOT standalone plugin and it can’t be used on it’s own. This is an addon for Smart Security Tools plugin for WordPress, and it is also available on CodeCanyon here:
Smart Security Tools
You need to purchase and install this main plugin first. Do not attempt to use this addon on its own, it will not work.

Addon Information

Smart Security Tools: Login Limit Addon is powerful addition for Smart Security Tools plugin bringing additional tools for website protection related to WordPress login form.

This addon includes 3 main modules, and you can use only what you need for your website and disable other modules:

  • Login Limiter
  • Login Honeypot
  • Blocked Usernames

Login Limiter: Prevent brute force login attacks

Login Limiter: Prevent brute force login attacks
This module is made to prevent brute force attacks many bots use to crack the username and password. With this module you can throttle number of wrong login attempts single IP can make in a period of time. If the login fails, it will be logged, and if number of failures reaches set number, IP will be temporarilly banned. After that, if more failed logins are detected from same IP it will be banned permanently.

Plugin hooks into WordPress authentication system for the most part, and all plugins with login forms or login widgets depend on this. So, plugin will detect invalid logins regardless of the login method. But, banning user from accessing login form will work only with WordPress own wp-login.php page since most third party plugins have no way of controlling how or if the form is displayed at all.

Login Honeypot: Prevent logins from bots

Login Honeypot: Prevent logins from bots
With honeypot field plugin targets logins made by bots. Honeypot field is is invisible to normal users, but most bots will fill it and that will get them caught in the trap and get banned.

This module can be used only if you use only ‘wp-login.php’ for login. If you use some login widgets or some other login method, do not use this module!

Blocked Usernames: Prevent logins using listed usernames

Blocked Usernames: Prevent logins using listed usernames
Most brute force attacks attempt login as ‘admin’ (most common WordPress username). So, change your username to something else and set this module to check if someone is using admin username. If same IP does that more than once, it will get banned, and you can set number of failed logins to trigger this trap.

Addon Requirements

  • WordPress 3.3 or newer
  • Smart Security Tools 2.8 or newer: get it here

Changelog

Version 2.0 / 2015.03.17.

  • Added: Log all failed cookie username and hash login attempts
  • Added: Login limit now based login failed and honeypot events
  • Added: Blocked usernames now based login failed and honeypot events
  • Added: Blocked usernames now hooks into login failed action
  • Added: Login honeypot message about feature limitation
  • Updated: Addon requires Smart Security Tools 2.8
  • Updated: Login honeypot disabled when addon is installed first
  • Updated: Few minor improvements and changes
  • Fix: Counting events for ban was using wrong current date
  • Fix: Honeypot field now only shows on wp-login.php

Version 1.0 / 2014.08.24.

  • First release