How to Use Login Protection

WP Captcha Documentation

Login Protection is a crucial feature of WP Captcha that provides security against unauthorized access and brute-force attacks. This section is divided into three sub-sections: Basic, Advanced, and Tools. Here’s a detailed breakdown of each, along with instructions on how to use them:


Basic Login Protection


How to Configure:

  1. Max Login Retries: Set the number of failed login attempts needed to trigger a lockdown.
  2. Retry Time Period Restriction: Define the time frame (in minutes) for failed login attempts before an access lock occurs.
  3. Access Lock Length: Determine the duration (in minutes) to block a specific IP once access is locked.
  4. Log Failed Attempts With Non-existent Usernames: Enable or disable logging for failed attempts with non-existent usernames.
  5. Mask Login Errors: Hide login error details to minimize information available to attackers.
  6. Block Type: Choose whether to block website access entirely or only block access to the login page.
  7. Block Message: Customize the message displayed to blocked visitors.
  8. Whitelisted IPs: List IP addresses that will never be blocked. Your current IP is displayed for reference.
  9. Show Credit Link: Optionally show a credit link below the login form to promote WP Captcha.
  10. Click “Save Changes”: After selecting your preferences, click the “Save Changes” button. The plugin is now configured.


Login Protection Basic


Advanced Login Protection


How to Configure:

  1. Login URL: Change the login page URL to protect against attacks on the default login page.
  2. Password Check: Enable checking for weak passwords that may be vulnerable to attacks.
  3. Anonymous Activity Logging: Log visitor details anonymously, in compliance with GDPR.
  4. Log Passwords: Enable or disable logging of passwords used in failed login attempts (use with caution).
  5. Block Bots: Prevent bots from accessing the login page.
  6. Block Login Attempts With Non-existing Usernames: Block IPs immediately if failed login attempts use non-existing usernames.
  7. Add Honeypot for Bots: Include a hidden field to catch and prevent bots from logging in.
  8. Cookie Lifetime: Set the cookie lifetime if the “Remember Me” option is checked on the login form.
  9. Wipe Data on Plugin Delete: Enable this to delete all WP Captcha data when the plugin is deleted.
  10. Click “Save Changes”: Once you’ve made your selections, click the “Save Changes” button. The plugin is now set up.


Login Protection Advanced




How to Utilize:

  1. Email Test: Send a test email to verify that you can receive emails from your website.
  2. Recovery URL: Save this URL in a safe place in case you lock yourself out and need to whitelist your IP.
  3. Import/Export Settings: Easily import or export WP Captcha settings.


Login protection tools