If you haven’t taken any extra steps to protect your WordPress blog, it’s about time you should consider taking action now. There’s only one way to log in to WordPress, and as soon as anyone figures out your log in details, they can pretty much do anything and everything to your site. They could even delete your articles. The only way to prevent this from happening is to have a tight security so that people won’t be able to crack into your site and wreak havoc. We previously covered WordPress security plugins, and WordPress sftp configuration to help you hardening WordPress. We’ll discuss 5 plugins to protect WordPress login today.
We mentioned this plugin when we provided important tips to secure WordPress. Login Lockdown is a truly useful WordPress plugin. What this plugin does is records the IP address and timestamp of each and every failed login attempt. If the plugin detects that there are more than a certain number of failed attempts detected within a short period of time coming from the same IP range, the plugin disables the login function for all requests from that IP range. Pretty cool, huh?
The Google Authenticator is a plugin that makes use of the Google Authenticator mobile app. This provides your WordPress site with a two-factor authentication login. Before you use or activate the Google Authenticator, you need to make sure that you already have two-factor authentication in your Google account enabled, and also have the Google Authenticator app installed on your Android, Blackberry, or iPhone.
Once you have the plugin installed and activated, go to Users -> Your Profile and then you should be able to see the settings for Google Authenticator. All you need to do is to check the box beside “Active” and click save to save the changes you’ve made.The next time you log in, you will be asked to enter the secret key. If you don’t enter the correct key, you will not be able to log in.
The WP Login Security works with your IP address. In order to protect your WordPress site, you as the administrator, need to whitelist your IP address. The WP Login Security will detect the IP address of the computer from which someone is trying to login as administrator. If the IP address is not whitelisted, the Wp login scecurity plugin will email the administrator a message that includes a link that contains a temporary key that can only be used once to log in as an administrator.
What makes WP Login Security a great WordPress plugin is that configurations is easy to setup.
One Time Password is great for people who need to access their WordPress site over a different network, or perhaps in a computer shop or cybercafé while traveling. This WordPress admin security plugin allows you to log in to your WordPress site using a different password that is good for a single session. Therefore, even if the password is stolen, hacker will not be able to re-use it for your website.
After you install and activate One Time Password, click on the One Time Password section so that you can generate your list of passwords. You will just need to enter a passphrase, and then click on ‘Generate.’ Print the list and take it wherever you go. When logging in to your WordPress site, you will need to match the sequence number shown on the log in page with the sequence number found in your list of passwords.
WP Firewall 2 isn’t exactly a plugin that works in the lo in part of your WordPress site, but what it does is investigates web requests and identifies any possible malicious attacks to your site. In turn, WP Firewall 2 will be able to stop the attack before it damages your site’s database. Once you activate this plugin, you can find the configuration settings under the Firewall section. The default settings are pretty much OK already, and there really isn’t much need to make any further changes. This is one of the must plugins for WordPress security hardening.