In this guide, we explore the WordPress security plugin to monitor and protect your website from brute-force attacks, prevent spam comments, and increase login security.
Login Security Pro is a premium security plugin for WordPress which comes with various security and monitoring features to prevent spam comments and failed login attempts.
With Login Security Pro, you can add reCAPTCHA to WordPress standard forms like login, comment, register, or lost password form. Also, it can auto-block an IP address when exceeding the number of failed login attempts.
The plugin also supports adding reCAPTCHA to WooCommerce register and checkout forms.
The free version of this plugin is Login Security reCAPTCHA that comes with a reCAPTCHA validation feature for standard WordPress forms.
For adding reCAPTCHA validation in WooCommerce forms and advanced security features, you can check out the Login Security Pro plugin.
Activating the Login Security Pro Plugin
After purchasing the Login Security Pro WordPress Plugin, you get the zip file of the plugin that you can directly upload to your WordPress site from “Plugins” > “Add New” > “Upload Plugin”. Then, you can activate the plugin from “Plugins” > “Installed Plugins”.
After activating the plugin, you will see a new menu on your WordPress admin menu pages in “Settings” > “Login Security Pro”. The plugin’s setting page has the following tabs:
Login Security Pro Plugin Features
- Captcha: To enable and configure Google reCAPTCHA on WordPress and WooCommerce standard forms.
- Error Logs: To monitor all the errors that are logged by the reCAPTCHA validation on different forms.
- Limit Login Attempts: To configure the number of fail login attempts before locking out the IP address.
- Unlock IP: To unblock all the IP addresses that are locked by exceeding the number of fail login attempts.
- Login / Logout Redirect: Redirect the user after login or logout depending upon the user’s role.
- Recent Login History: View recent login history by username. Enable or disable the dashboard widget to view recent login history.
- Reset: Revert back the Login Security Pro plugin to its initial state.
Google reCAPTCHA v2 or v3 Validation
Login Security Pro supports reCAPTCHA validation on the following forms:
- Login Form
- Lost Password Form
- Registration Form
- Comment Form
- Login Form – WooCommerce
- Registration Form – WooCommerce
- Checkout Form – WooCommerce
To configure reCAPTCHA on these forms, you will need a site key and a secret key. For this, you can read How to Get Site and Secret Key for Google reCAPTCHA.
Now, you can set reCAPTCHA keys for the appropriate version. And, then you can check the forms and select the reCAPTCHA version to use on those forms.
Is Google reCAPTCHA not working?
You may have a caching plugin active on your site. To make reCAPTCHA work, you can try any one of these options:
- Exclude this URI in your caching plugin settings (JS Excludes): /repatcha/api.js
- Or, simply deactivate the caching plugin.
Limit Failed Login Attempts & Automatically Block IP Address
By limiting failed login attempts, you can secure the WordPress site from attackers and bots.
In order to gain access to your site, the attacker may try multiple password combinations on the login form of your WordPress site.
Now, by limiting failed attempts, the plugin can lock out the attacker’s IP address automatically for some duration.
Also, you can configure the number of failed attempts allowed and the lockout duration.
Record and Monitor User Login History
This feature allows logging of the IP addresses and timestamps of the user login. Also, you can select the roles for which to record the login history of the users.
You can also check login history by entering the username of the user.
With the dashboard widget, the users will be able to see their recent login history with the IP addresses and timestamps on the WordPress dashboard widgets area.
Redirect User After Login or Logout based on the Role
With this feature, you can redirect the user depending upon the role. For example, you can redirect all the subscribers to your home page after login in and logout. And, redirect all the administrators to the WordPress admin dashboard after login and to the home page after logout.
Also, the plugin supports multiple rules for both cases. This means you can configure different redirect rules based on different roles.
Lastly, you can read more on the features and pricing of Login Security Pro.