Beskrivelse
COMPREHENSIVE WORDPRESS LOGIN SECURITY PLUGIN
Melapress Login Security enables you to effortlessly set login security policies that put you firmly in the driver’s seat of your WordPress sites. Policies are highly customizable and granular and can be implemented by user role or site-wide for complete control over the security of your WordPress login processes.
Use the free edition of Melapress Login Security to implement WordPress password requirements such as minimum length and complexity rules. The plugin also allows you to set password expiration policies, prevent password reuse, limit failed login attempts, and automatically disable inactive user accounts, among other things. This helps you:
- Prevent unauthorized login attempts
- Protect against brute force attacks
- Comply with GDPR with a login consent notice
Features list
A secure WordPress login starts right here. Explore all of the features included with the free edition of Melapress Login Security:
Set password policies
Strong passwords are your first line of defense against bad actors looking to gain access to your site. Set password requirement policies to make sure users set strong passwords. Set policies by user role or site-wide and define policy priority for users with multiple roles.
- Set minimum password length
- Mandate use of upper case and lower case characters, numeric digits, and special characters
- Set an automatic password expiration policy and advise users when their password is about to expire
- Disallow users from recycling passwords
- Provide users with helpful instructions during the password configuration stage
- Disable password reset links
- Mandate WordPress password reset on the first login
Limit login attempts
Limit failed login attempts and put an end to brute force attacks. Protect your login form by automatically disabling user accounts after a number of failed login attempts. Choose between manual unlocking by an admin or automatic unlock after a cooldown period.
Change WordPress login URL
Easily deploy security-by-obscurity tactics and change your WordPress login page URL using a plugin! Hiding the default login page from hackers makes it more difficult to find, potentially reducing brute force attacks and other unauthorized access attempts. After you change the default wp-admin URL, you can set a 404 for the old login page or redirect it to any page of your choosing.
GDPR login page consent notice
Easily meet GDPR requirements by adding a GDPR consent notice to the login page. This is required for GDPR and PCI DSS compliance, thus ensuring your WordPress site login page is in compliance.
Emergency password reset
Discovered suspicious behavior? Reset all users’ passwords with just one click and regain instant control.
Upgrade to Melapress Login Security Premium and get even more benefits.
The premium edition of Melapress Login Security comes bundled with even more features, which enable you to take your WordPress website login security to the next level. Disable inactive WordPress user accounts and force passwords to be reset once accounts have been unlocked. Inactive accounts can be managed within a single dashboard for increased efficiency and faster response times. Moreover, you can set accounts to be locked out after a number of failed login attempts and customize the duration and method of unlocking them.
Premium features list
- Everything in the free version
- One-click integration with third-party plugins such as WooCommerce, LearnDash, Memberpress, and many others
- Automatically disable inactive WordPress users after a set time
- Add Geo-blocking rules to restrict login page traffic to specific countries, or block traffic from specific countries
- Restrict users’ login to a specific IP address, or a configurable number of IP addresses
- Restrict WordPress users’ login time by day and/or hours
- See reports of when users were last active, what’s their password age, and whose password is expired
- Receive detailed weekly summary reports over email of password resets and changes, user account lockouts, and more
Why you should use Melapress Login Security
Melapress Login Security is a WordPress plugin built from the ground up to help you address security concerns and secure your WordPress login. Supercharge login credentials for maximum effectiveness and put a stop to unlimited login attempts, weak passwords, and inactive users. Set up policies to reduce your attack surface area such as login times restrictions, change the WordPress login URL, and much more.
Free and premium support
Support for Melapress Login Security is free on the WordPress support forums. Premium world-class support is available via email to all users, including those using the free plugin.
Note: Customer support for customers on a premium plan is given priority and is provided via one-to-one email. Upgrade to premium to benefit from priority support.
For any other queries, feedback, or if you simply want to get in touch with us, please use our contact form.
MAINTAINED & SUPPORTED BY MELAPRESS
Melapress builds high-quality WordPress security & admin plugins such as WP 2FA, CAPTCHA 4WP,and WP Activity Log, the #1 user-rated activity log plugin for WordPress.
Visit our website to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.
Install the plugin from within WordPress
Keeping a secure WordPress login page is easy with Melapress Login Security. Simply:
- From your WordPress dashboard, navigate to Plugins > Add New
- Search for “Melapress Login Security”
- Install & activate Melapress Login Security from your Plugins page
Install the plugin manually (via file upload)
- Download the plugin from the WordPress plugins repository
- Unzip the zip file and upload the folder to the
/wp-content/plugins/
directory - Activate the Melapress Login Security plugin through the Plugins page in WordPress
Skjermskudd
FAQ
-
Where can I go for further reading and documentation?
-
You can find more detailed information about WordPress website security, password security and user management, security best practices, and much more in the recommended reads linked below:
-
Is Melapress Login Security free?
-
Melapress Login Security comes in both free and premium editions. The free edition comes packed with several security measure features to protect your WordPress login, including:
- Password policies for all your users
- Limit login attempts
- Change login URL
- GDPR login page notification
The premium edition adds features such as:
- Login times restrictions
- Inactive users policies
- IP restrictions
- Geo-blocking
- One-click integration with WooCommerce, Memberpress, LearnDash, and others
- and much more!
-
The free edition includes all basic features without any restrictions to help you improve your WordPress login security. The premium edition adds several features over and above what is available in the free edition, enabling you to improve your WordPress login security even further.
-
Can I get support if I get stuck?
-
All Melapress plans come with one-to-one email support, ensuring you can secure your WordPress login processes with minimal effort You can reach support through email at support@melapress.com.
-
How does Melapress Login Security secure my website?
-
Melapress Login Security secures different aspects of the WordPress login process to increase the overall security of your site. Depending on which edition you get and which policies you activate, the plugin is flexible enough to enable you to be as restrictive as you like.
While the plugin is extensive, it is not a silver bullet, and you should still take other security measures, such as enabling two factor authentication.
-
How does limiting login attempts improve security?
-
Brute force attacks rely on unlimited login attempts to try as many username and password combinations as possible until they hit the right combination. By limiting login attempts, you effectively stop brute force attacks by removing the one thing they rely on to breach your login page.
-
How effective is changing the default WordPress login URL?
-
Changing the login page URL is a security technique known as security-by-obscurity. Its entire premise is to make resources harder to find – but not impossible. This means that changing the wp-admin page URL can be an effective strategy when combined with other techniques such as using strong passwords and two factor authentication.
-
Does the plugin receive updates?
-
Melapress Login Security is actively supported and receives regular updates. Refer to the plugin changelog for more information about past updates.
-
How do I uninstall Melapress Login Security?
-
You can uninstall Melapress Login Security just as easily as you would with any other plugin. Simply login to your WP admin dashboard, navigate to Plugins > Installed Plugins, locate Melapress Login Security, and then click on Deactivate and then Uninstall.
To remove all settings, navigate to Login Security > Settings and enable the Delete database data upon uninstall setting before deactivating and uninstalling the plugin.
-
What data does Melapress Login Security send?
-
The free edition does not send any data whatsoever. The premium edition, on the other hand, only sends licensing data to our server. All WordPress login security settings remain in your WordPress database. Furthermore, the plugin does not collect any user data.
-
How can I report security bugs?
-
You can report security bugs through the Patchstack Vulnerability Disclosure Program. Please use this form. For more details please refer to our Melapress plugins security program.
Vurderinger
Bidragsytere og utviklere
“MelaPress Login Security” er programvare med åpen kildekode. Følgende personer har bidratt til denne utvidelsen.
BidragsytereOversett “MelaPress Login Security” til ditt språk.
Interessert i utvikling?
Bla gjennom koden, sjekk ut SVN-repositoriet, eller abonner på utviklingsloggen med RSS.
Endringslogg
1.3.1 (2024-05-30)
-
New features
- New GDPR consent message on the login page (this is a new optional setting and the admins can also edit the message).
- New shortcode to add the GDPR consent message to any custom login page.
- Password expiry notification: users can now be notified via a notice in the dashboard prior to their password expiring.
-
Plugin improvements
- Added some more links to plugin’s documentation in the plugin’s help text.
- Added in-dashboard notification to advise users what is new and improved in the plugin with each update.
- Enhanced Notification System: Improved the overall infrastructure of the plugin’s notification system.
- Created a new «User Management» page and centralized the «Locked Users» and «User import/export» in this new section, for a better UX.
- Updated some settings to ensure they all use the same prefix in the database settings table.
- PHP Function Tweaks: Adjusted some PHP functions to prevent potential errors when timed login policies are active.
-
Bug fixes
- Fixed an edge case in which a fatal error is caused when unlocking a locked user and both the Free and Premium editions are installed.
- Security patch: fixed a low severity security issue reported by YC_Infosec.
Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of Melapress Login Security.