Brute Force protection is available in the Free as well as Pro version of Loginizer. The Brute Force feature, protects your site from attackers trying to login to your website with multiple username/password combinations by blocking their IP for certain time.
By default when you activate Loginizer plugin Brute Force protection is enable with the default brute force settings which are optimized for a production website. However if you would like to manage the settings you can check the below steps to customize the same.
Changing Brute Force Settings
Go to Loginizer Security -> Brute Force. From there, scroll down until you find “Brute Force Settings“. You can then configure Brute Force Security as per you liking.
Understanding Brute Force Settings
This part will help you understand what each option from the setting does.
The “Max Retries” option sets the number of “Failed Login Attempts” a user gets before being blocked. It is set to “3” by default.
For Example: Let’s consider the “Max Retries” to be set to 3. If a user fails to login after 3 attempts, the user will be blocked for the amount of time set in the “Lockout Time” option.
The “Lockout Time” option sets the number of minutes a user should be blocked for after failing the maximum amount of retries set i.e “Max Retries”. It is set to “15” by default.
For Example: Let’s consider the “Lockout Time” to be set to 1. If a user gets blocked, the user will have to wait for the amount of minutes specified to pass in order to attempt to login again.
The “Max Lockouts” option sets the number of lockouts that a user is allowed to have before being blocked for an extended amount of time. It is set to “5” by default.
For Example: Let’s consider the “Max Lockouts” to be set to 5. If a user gets blocked 5 times, then the user will get blocked for the number of hours specified in the “Extend Lockout” option.
The “Extend Lockout” option sets the number of hours a user should be blocked for after exceeding the number of “Max Lockouts”. It is set to “24” by default.
For Example: Let’s consider the “Extend Lockout” to be set to 1. If a user gets blocked 5 times, then the user will have to wait until the number of hours specified in the “Extend Lockout” option has passed in order to attempt to login again.
The “Reset Retries” option resets a users retries back to the given number of “Max Retries” after the specific amount of hours are passed. It is set to “24” by default.
For Example: If the “Max Retries” are set to 3 and a user fails to login twice, then the amount of retries the user currently has would be 1. If the user waits for 24 hours, then the retries would automatically reset back to the given “Max Retries”, which in this case is 3.
The “Email Notification” option will send you an Email to your registered Email Address on WordPress consisting of a users information that has been blocked for a given number. It is set to “0” by default, meaning that you will receive no Emails.
If it is set to 2, the admin will be notified via email when any user reaches two lockouts i.e. he has been blocked twice.
Disabling Brute Force
You can disable Brute Force altogether by clicking the “Disable Brute Force Protection” located to the bottom right of the “Brute Force Settings” tab.
Note: Disabling Brute Force will not disable other form of security additions like Captcha, Two Factor Auth, etc (if configured).