So we’ve installed and network activated the Loginizer Security Plugin. What’s next? Usually, the plugin comes with a set of default settings. But we have to take a look to make sure that these settings are suitable to our liking.
So let’s head back into our WordPress Dashboard and do this.
I’ll type in hotelamazonasgy.com/wp-admin/, type in my username and password and click “Login.”
Now I’m inside my main site’s Dashboard. In the left hand column menu, a new button will appear.
That’s the Loginizer Security button. It wasn’t there before: it appeared because we have installed the Loginizer Plugin. And if we uninstall the Loginizer plugin, that button will disappear from there.
If we hover our mouse over that button, it will fly out two other menu commands: Dashboard and Brute Force.
Let’s click on Dashboard and see what happens.
That above is a screenshot of the Loginizer Dashboard. it just gives some basic information, says “thank you,” asks for rating, asks you to tweet about the plugin etc. There isn’t any changes to be made here.
So let’s go back to that Loginizer Button on the menu and this time click “Brute Force.”
Here we will take a look at some of the settings for the Loginizer Brute Force Protection.
As you can see, we have:
- Max Retries: That’s the maximum amount of failed login attempts the plugin will allow before blocker the user. In this case, it’s set to 3. And that’s a good value. If someone types the wrong password 3 times, they will be locked out.
- Lockup Time. If someone types the password or username incorrectly 3 times, they will be locked out. But for how long? In this case, the default setting is 15 minutes. I can change that to 100 or 200 minutes, but I’ll choose it just the way it is. That’s OK. So you fail 3 times, you get locked out for 15 minutes and you get to try 3 more times. That’s not bad. That will certainly deter a lot of hackers and robots.
- Max Lockout. So you failed three times, you get locked out for 15 minutes, you try and fail again, get locked out again. How many times should the plugin allow to fail before executing more severe lockout measures? As you can see it’s set to 5. So, if you try and fail, get locked out for 15 minutes, try and fail again…5 times, you will then get lock out for 24 hours. That’s what is called the “Extend Lockout” time.
- Reset Retries – 24 hours. If 24 hours passes with no failed login attempts, then all the settings will go back to Reset. That is, you will get a fresh new 3 failed attempts in 15 minutes, and a fresh new 5 lockouts in 24 hours.
- Email Notification – Do you want to really be bothered each time someone fails to login to your Dashboard and your superhero plugin locks them out? No. I don’t. That’s why I leave email notifications to 0, because I don’t want to be emailed with this information. Maybe I will change my mind in the future. And you can change the value if you want as well input your email address a little further below in settings.
Scroll a little further down the settings Dashboard and you will get the options to Blacklist IPs, Whitelist IPs and change error messages wording.
For now, I think the default settings are awesome for the Loginizer Plugin. I don’t need to click save. I’ll just leave it the way it is and navigate away from there.
Up Next. The Revisions Control Plugin.
