Category: WordPress Security
About CAPTCHAs and Really Simple Security
Starting with Really Simple SSL Pro 8.1, it is possible to implement a CAPTCHA in your login form. In this article we explain how you can configure a CAPTCHA on the default login form for your WordPress website. Navigate to Really Simple SSL -> Settings. Under General settings you will see the ‘Captcha’ block as shown below. 2. Currently Really Simple SSL has integrated hCaptcha and reCaptcha v2, which you can select via the Captcha provider dropdown. hCaptcha is the more privacy-friendly
LiteSpeed Cache and Security Headers
If you are using LiteSpeed Cache, you may have problems updating your security headers. This is because LiteSpeed Cache will prevent the loading of our advanced-headers.php file. The solution is to add rsssl_after_saved_fields to the “Purge All Hooks” list in the LiteSpeed Cache settings. This will purge the LiteSpeed cache on every save of the Really Simple SSL settings. NOTE: This will not work for CSP learning mode because learning mode changes the headers without a manual save
Disabling 2FA when you are locked out
Really Simple Security has the option to enforce 2FA (Two-Factor Authentication) to protect accounts from unauthorized access when your password is stolen. If for some reason you are unable to receive the required 2FA codes you will be locked out of your website. For example: You lost access to your phone with the TOTP (Authenticator) app, or 2FA was required for your account and the Grace Period to configure 2FA has expired. To disable 2FA in Really Simple Security and
Limit Login Attempts
The Limit Login Attempts function of Really Simple SSL protects your site from login attempts by unauthorized users. When you enable Limit Login Attempts, all login attempts are logged and repeated attempts to log in with invalid credentials will be blocked automatically. Temporary lockouts: By default, 5 invalid login attempts within 15 minutes will result in a 30-minute lockout of the offending IP address and/or username. All automatic lockouts are temporary and will be cleared after the configured lockout duration.
Password Security
If the login credentials of accounts on your WordPress sites are compromised, this could result in your site getting hacked. The Password Security features in Really Simple SSL aim to strengthen the protection of WordPress accounts on your website. We will explain each of these features below, and how they can help you improve the security of user accounts. Securing User Accounts and Passwords: Activating the “Enforce strong passwords” setting enhances WordPress’ default password strength check (for all new user registrations);