Category: Login Protection
Disabling LLA (Limit Login Attempts) when you are locked out
Really Simple Security Pro includes Limit Login Attempts functionality to protect your site against brute force login attacks. Repeated attempts to login using incorrect credentials will be blocked automatically. However, it could be that you’ve accidentally triggered too many invalid Login Attempts yourself, and that you’re (temporarily) locked out of your WordPress Account as a result. Renaming the really-simple-ssl-pro folder in the wp-content/plugins/ directory will allow you to regain access to the site; but as this would deactivate the plugin entirely,
About Login Authentication and 2FA
Really Simple Security offers two distinct approaches to Login Protection: Two-Factor Authentication (2FA) adds an extra security layer by requiring users to verify their identity with a second step after entering their password. Even if an attacker obtains a password, they would still need this second factor to gain access. Email verification: A verification code is sent to the user’s email address. Pros: easy to use, no need to install additional apps Cons: if the user’s e-mail address is compromised,
About CAPTCHAs and Really Simple Security
Starting with Really Simple SSL Pro 8.1 it is possible to implement a CAPTCHA in your login form. In this article we explain how you can configure a Captcha on the default login form for your WordPress website. Navigate to Really Simple SSL -> Settings. Under General settings you will see the ‘Captcha’ block as shown below 2. Currently Really Simple SSL has integrated hCaptcha and reCaptcha v2, which you can select via the Captcha provider dropdown. hCaptcha is the more privacy-friendly
Disabling 2FA when you are locked-out
Really Simple Security has the option to enforce 2FA (Two-Factor Authentication) to protect accounts from unauthorized access when your password is stolen. If for some reason you are unable to receive the required 2FA codes you will be locked out of your website. For example: You lost access to your phone with the TOTP (Authenticator) app, or 2FA was required for your account and the Grace Period to configure 2FA has expired. To disable 2FA in Really Simple Security and
Limit Login Attempts
The Limit Login Attempts function of Really Simple SSL protects your site from login attempts by unauthorized users. When you enable Limit Login Attempts, all login attempts are logged and repeated attempts to login with invalid credentials will be blocked automatically. Temporary lockouts By default, 5 invalid login attempts within 15 minutes will result in a 30 minute lockout of the offending ip address and/or username. All automatic lockouts are temporary and will be cleared after the configured lock-out duration.