Category: Login Protection
Disabling LLA (Limit Login Attempts) when you are locked out
Really Simple Security Pro includes Limit Login Attempts functionality to protect your site against brute force login attacks. Repeated attempts to login using incorrect credentials will be blocked automatically. However, it could be that you’ve accidentally triggered too many invalid Login Attempts yourself, and that you’re (temporarily) locked out of your WordPress Account as a result. Renaming the really-simple-ssl-pro folder in the wp-content/plugins/ directory will allow you to regain access to the site; but as this would deactivate the plugin entirely,
About Login Authentication and 2FA
Really Simple Security offers two login protection approaches. Two-Factor Authentication (2FA) requires a second verification step after entering your password, preventing unauthorized access even if your password is compromised. Method Pros Cons Email Easy setup, no additional apps needed Vulnerable if email account is compromised TOTP/Authenticator More secure, 2FA codes generated on separate device Requires app installation, risk of losing device access Passkey Login replaces passwords entirely with device-based authentication (fingerprint, facial recognition, or security key). Method Pros Cons Passkey
About CAPTCHAs and Really Simple Security
Starting with Really Simple SSL Pro 8.1 it is possible to implement a CAPTCHA in your login form. In this article we explain how you can configure a Captcha on the default login form for your WordPress website. Navigate to Really Simple SSL -> Settings. Under General settings you will see the ‘Captcha’ block as shown below 2. Currently Really Simple SSL has integrated hCaptcha and reCaptcha v2, which you can select via the Captcha provider dropdown. hCaptcha is the more privacy-friendly
Disabling 2FA when you are locked-out
Really Simple Security has the option to enforce 2FA (Two-Factor Authentication) to protect accounts from unauthorized access when your password is stolen. If for some reason you are unable to receive the required 2FA codes you will be locked out of your website. For example: You lost access to your phone with the TOTP (Authenticator) app, or 2FA was required for your account and the Grace Period to configure 2FA has expired. To disable 2FA in Really Simple Security and
Limit Login Attempts
The Limit Login Attempts function of Really Simple SSL protects your site from login attempts by unauthorized users. When you enable Limit Login Attempts, all login attempts are logged and repeated attempts to login with invalid credentials will be blocked automatically. Temporary lockouts By default, 5 invalid login attempts within 15 minutes will result in a 30 minute lockout of the offending ip address and/or username. All automatic lockouts are temporary and will be cleared after the configured lock-out duration.