Login Lockdown – Protect Login Form

After I installed the plugin, I started getting login attempts by the user "Unknown" (on the 3 sites I installed), detected by Wordfence. This is why I changed the login path through the plugin, so in theory, only they could know the login address.

Thus far, I am very happy with the pro version of Login Lockdown. It is not flawless, but the developers are responsive, and they are improving and updating the software regularly. Worth the money for pro!

Removed the ability for an admin to unlock in the latest update! It is extortion to sneak this in and for a payment o get an account unlocked. We will be removing from all 300+ sites!

Plugin makes your website really safer. Easy to setup and many options.

Edit: They fixed the bug! :) back to 5 stars!!!

-------------------------------------------------

Old review: If you login and forget to fillout the recaptcha or fill it out wrongly it will log you as "failed" attempt and show your password in the log list. This way every admin that can see the settings will know your password.

There is no need to show the failed login attempt password. Please remove this terrible function. Big data leak. 1 star until they fix this.

Nice plugin that adds protection against brute-force login attempts.

I can't believe after many many years of use I have not said thank you. I really appreciate this plugin. I recommended this recently to a friend who was delighted there was no advertising and upsell. Indeed! Great to know there are still some who go to the effort of sharing and updating because it's a nice thing to do.

This is brilliant. It's a must have for websites that attract a lot of traffic and which therefore will attract a lot of forced login attempts.

Thank you for this perfect plugin. You wouldn't believe how many login attempts you can get even on a brand new website w/o any external links so far. This is one of the plugins, I install everywhere.

Thanks, been working away in background for ages.

I like this plugin and use it on a number of websites I am a webmaster for. In case it helps, here are some thoughts on how/why I have configured the plugin. I leave the first 3 entries as default (3,5,60). They seem ideal to me. I set Lockout Invalid Usernames? to YES. If they don't know the Username, why are they trying to login? I am careful, so I won't lock myself out. I set Mask Login Errors? to YES. Denies useful intelligence to people who are trying to login when they shouldn't. Why help them? I set Show Credit Link? to NO. I love helping people - and as it happens it's my professional work - however telling people about the plugin so they can protect their blogs also tells people who are trying to login when they shouldn't what security I am using. This is a more minor point, however it also falls under the 'need to know policy' - they don't.