About
This script allows you to lock your server, similar to a vanilla whitelist, but based on permissions and with a beautiful help system. Just download it, put it in the Scripts folder and you're ready to go!

Features
  • Lock the server, similar to a /whitelist
  • Permission to bypass the lockdown
  • Command to check the lockdown status
  • Notifications when players try to join during a lockdown
  • YAML storage
  • Fully customizable
Known Bugs
None

What is a script?
A script is similar to a plugin and works like a plugin, but is written in a different language and requires the Skript plugin for it to work. To load/disable/enable your scripts, use the /skript command in-game.

Installation and Dependencies
This script requires the addon SkQuery for it to work. You will also need the Skript plugin itself. Install both of these plugins and restart your server. Open the lockdown.sk file in a program like Notepad++ and customize it in the "options" section. Once you've done that, just save the file and drop it in the "scripts" folder under Skript, then all you have to do is type /skript reload lockdown and the script will be functional!

Permissions
- lockdown.lock - To lock the server and to end lockdowns
- lockdown.bypass - To bypass a lockdown
- lockdown.notify - To get notifications when the server gets unlocked or when a player tries to join during a lockdown
- lockdown.info - Can use /lock or /lock info to see the current lockdown status

Customization


# ====================
# OPTIONS
# ====================
# p = prefix
# c. = colorcode (&a, &b, &1..)
# t. = text
# m. = message
options:
    # Prefix used for all messages
    p: &7[&cLOCK&7]

    # Should there be a space between the lines and the help message
    b.space: true

    # Lines used for the help message
    t.lines: &7====================================================

    # Colorcode used for /command in help message
    c.help: &c

    # Colorcode used for the description in the help message
    c.desc: &f

    # Message that gets sent to the executor when he removes the current lockdown
    m.end: &aYou ended the current lockdown!

    # Message that gets sent to players with the notify permission when someone removes the lockdown
    m.ended: &b%player% removed the current lockdown!

    # Message that gets sent to the player when he tries to remove a nonexistent lockdown or when there is no lock active in a /lock info
    m.notlocked: &cThe server is currently not locked!

    # Message in /lock info when the lock is active
    m.active: &aLockdown active

    # The kick-message used for the lockdown (use %(_reason)% for the reason and %nl% for a new line)
    t.reason: &c&lLOCKDOWN ACTIVE%nl%%nl%&fReason: &c%(_reason)%%nl%%nl%&7Sorry for the inconvenience!%nl%&bwww.example.com

    # Message used to say that a lock is now active
    m.start: &aLockdown activated! &fReason: &c%(_reason)%

    # Message used when the player doesn't have the right permission
    m.noperm: &cYou do not have the required permission for this command!

    # Message sent to players with notify permission when a player tries to join during a lockdown
    m.tried: &7%player% tried to join!



Hello, dear readers of the blog site! The topic of today's article: protecting a WordPress blog from break-ins that work by guessing the password to the admin panel. This method is called . This problem is very relevant, since cases of unauthorized access to the holy of holies of a blog, namely the WordPress control panel, are, unfortunately, not at all rare.

In general, the topic of WordPress security is very broad and is not limited only to and, which I have already written about earlier. Much sadder consequences (I don’t even want to imagine) can occur if attackers gain access to the blog admin area. Our task is to do everything possible to prevent this from happening. And today I will tell you only about one of the ways to strengthen the protection of your blog. Meet the WordPress Security Plugin Login LockDown.

Protecting your WordPress admin from hacking using the Login LockDown plugin

The easiest way to hack a site is to guess the username and password to enter the control panel. It must be said that many bloggers themselves make the hacker’s job 50% easier by leaving the default login. And then all he has to do is find the password.

Have you changed your username or do you still have the name admin? If not, do so immediately. My article ““ may help you with this.

Immediately after installing the engine, be sure to change the password to a more secure one (make it about 20 characters, using upper and lower case letters, numbers and special characters). This can be done directly from the admin panel by going to the “Users” - “Your profile” menu. Enter the new password twice and save the changes by clicking “Update profile”. Change your password periodically and do not use it on other sites.

With such simple actions we will already complicate the task of hackers. But let’s say they turned out to be stubborn and don’t give up trying, using special programs to select a password. And here the security plugin for WordPress Login LockDown comes to our aid.

How the Login LockDown plugin works

The plugin records the exact time and the IP address from which an unsuccessful attempt was made to log into the blog admin area. When a certain number of unsuccessful attempts are made over a certain period of time, the plugin blocks access to the site for a specified time. The message is displayed:

“Error: Sorry, but this IP range has been blocked due to too many failed login attempts. Please try again later."

In addition, you will have a list of all blocked IP addresses and the ability to unblock them in the plugin settings. Let's take a closer look at them.

Installing and configuring the Login LockDown security plugin

Install and activate the plugin. I described the installation of this plugin in detail, as an example, in the article ““. Therefore, without further ado, let’s get straight to the settings.

Go to the menu “Options” – “Login LockDown”.

The figure shows the default settings. You can change them as you wish. Below I will describe what each of the points means and give my comments:

  • 1. Max Login Retries – the maximum number of attempts to log into the blog admin panel. I think it makes no sense to put more than three.
  • 2. Retry Time Period Restriction (minutes) – time period in minutes for retry. Five minutes is enough to even run to the Canadian border, let alone enter the password.
  • 3. Lockout Length (minutes) – time in minutes for which access to the WordPress admin area is blocked. You can leave it at 60 minutes, or you can set it longer.
  • 4. Lockout Invalid Usernames – should incorrect login input be taken into account? We mark this item and the plugin, in addition to the password, will also take into account an incorrectly spelled name. Extra protection for your blog is never too much.
  • 5. Mask Login Errors – masking errors when entering incorrect data. We mark it, and then the attacker will not know that his actions are under control (he will not notice any difference).
  • 6. Currently Locked Out – a list of currently blocked IP addresses and the time until unblocking is displayed here. More on this below.

After making the settings for the Login LockDown security plugin, click the “Update Settings“ button for the changes to take effect.

For clarity, I will spell out what will happen when someone tries to hack the blog if the settings are, for example, the defaults, as in the figure above. If the password is entered incorrectly more than 3 times within an interval of 5 minutes, access to the admin panel will be blocked for 60 minutes.
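The rule just described, written out as an added Python example (not the Login LockDown plugin's own code). The class, method and parameter names are hypothetical, the clock is passed in as seconds, and locking on the third failure inside the window is an assumption about where the threshold falls.

```python
from collections import defaultdict, deque


class LoginLockdown:
    """Failed-login lockout keyed by client IP (illustrative, not the plugin's code)."""

    def __init__(self, max_retries=3, retry_window_min=5, lockout_min=60,
                 lockout_invalid_usernames=True, mask_errors=True):
        self.max_retries = max_retries
        self.window = retry_window_min * 60       # retry period, in seconds
        self.lockout = lockout_min * 60           # lockout length, in seconds
        self.lockout_invalid_usernames = lockout_invalid_usernames
        self.mask_errors = mask_errors
        self.failures = defaultdict(deque)        # ip -> times of recent failures
        self.locked_until = {}                    # ip -> unlock time ("Currently Locked Out")

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]             # lockout has expired
            return False
        return until is not None

    def release(self, ip):
        """Manual unblock, the equivalent of "Release Selected"."""
        self.locked_until.pop(ip, None)
        self.failures.pop(ip, None)

    def attempt(self, ip, user_exists, password_ok, now):
        """Return 'ok', 'locked', or an error string for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"                       # refused before credentials are checked
        if user_exists and password_ok:
            self.failures.pop(ip, None)           # assumption: success clears the count
            return "ok"
        # Unknown usernames count only when "Lockout Invalid Usernames" is on.
        if user_exists or self.lockout_invalid_usernames:
            recent = self.failures[ip]
            recent.append(now)
            while recent and now - recent[0] > self.window:
                recent.popleft()                  # forget failures outside the window
            if len(recent) >= self.max_retries:   # assumption: lock on the Nth failure
                self.locked_until[ip] = now + self.lockout
                recent.clear()
        if self.mask_errors:
            return "invalid credentials"          # same text for bad user or bad password
        return "wrong password" if user_exists else "unknown username"


def demo():
    guard = LoginLockdown()                       # 3 retries / 5 min / 60 min
    ip = "203.0.113.7"                            # constructed documentation address
    out = [guard.attempt(ip, True, False, t) for t in (0, 60, 120)]
    out.append(guard.attempt(ip, True, True, 180))         # right password, still locked
    out.append(guard.attempt(ip, True, True, 120 + 3600))  # lockout is over
    return out
```

Because the counter is keyed on the source address, a client that changes address starts a fresh count, so the lockout slows guessing and does not replace a strong password.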

Now let's go back to the list of IP addresses. I don’t know when this might be needed, but you have the opportunity to unblock an IP address that has fallen out of favor. To do this, check this item and click “Release Selected“. This probably makes sense if not only you have access to the blog. For example, several authors or a freelancer must correct something.

One more detail. If you noticed, in the first screenshot you can see that under the login form in the admin panel a warning is displayed about protection by the Login LockDown plugin. It should appear if you installed the plugin correctly and it is working. But in this case, the meaning of paragraph 5 is lost, because the attacker will be warned about the protection in advance. Let's remove this inscription.

Go to the menu “Plugins” - “Editor”. Select our security plugin from the drop-down list at the top right and click “Select”. In the file login-lockdown/loginlockdown.php, find this line (see picture below) and delete everything between the quotes. Click “Update file” and go to the login page. The inscription should disappear.

Please note the warning on the editing page. Before making changes, deactivate the plugin and then enable it again. I hope there is no need to remind you that before any editing of files, you need to make copies of them.

Now the Login LockDown security plugin for WordPress will not allow an attacker to gain access to the admin panel by guessing the password. Of course, this does not guarantee 100% protection for WordPress from hacking and other troubles. But each type of blog defense will build a wall in front of the enemy brick by brick. The higher this wall is, the more peacefully you will sleep at night.

It is important to remember that you need to pay no less attention to blog security issues than to writing unique content and promoting your blog in search engines. In future articles I will return to this topic more than once. Subscribe to blog updates to always stay up to date. See you soon!

Website security is a priority when developing a web project, and WordPress security will be no exception. Attempts of unauthorized access to blog management, although not universal, do occur in the life of a webmaster...

To protect your website from blatant hacking, by selecting input data, you can limit access to the administrative panel. To do this, you can leave priority only for trusted IP addresses, or set a limit on the number of authorization errors.

A popular tool for bloggers in the fight against password guessing is a free plugin, Login LockDown. This highly specialized add-on is aimed at tracking authorization attempts, that is, logging into the WordPress console.
A special feature of the plugin is the flexibility of its settings, allowing the administrator to delay each login attempt, limited to a specified number, and then block the attacker (his IP address) for a long time!

Installation and activation

You can install the add-on using FTP access, having first downloaded the archive with the plugin - https://wordpress.org/plugins/login-lockdown/
or go to the “Plugins” section of the admin panel, click “Add new” at the top, then enter the name in the search bar and press “Enter”. We install the first result, and then activate it.

Plugin settings

As previously noted, the number of LoginLockDown options is small and represents only functional parameters. Once activated, the plugin operates with default values, which are preferred by most users.
In the panel, expand the “Settings” section, where you will find the “Login LockDown” item, click and go to the settings page “Login LockDown Options”:

  1. Max Login Retries – the number of authorization attempts after which the address is blocked. The default is 3 (we do not recommend setting more than 5 attempts).
  2. Retry Time Period Restriction (minutes) – the number of minutes between attempts to log in, by default 2 minutes (it is better to reduce it so that the user can re-login soon).
  3. Lockout Length (minutes) – the number of minutes of blocking an IP address, by default 120 (2 hours), it is quite possible to increase with the proper level of danger.
  4. Lockout Invalid Usernames? – option to disable plugin functions for unregistered names (logins). We enable it at our discretion, since selecting a non-existent login-password pair does not pose any danger.
  5. Mask Login Errors? – option to disable authorization errors. The user will not be notified if the username or password is incorrect.
  6. Show Credit Link? – option to display a link to the plugin’s official website (advertising for Login LockDown developers). Displayed by default, to disable click the third checkbox.
  7. Update settings – button to update settings, click at the end to save the changes made.
  8. Currently Locked Out – area with a list of blocked addresses. It is possible to clear the IP for trusted persons who have not gained access to the admin panel.

Instead of an afterword

This way, you can unobtrusively restrict access to the WordPress admin area, excluding automatic or manual password guessing. The Login LockDown plugin is updated periodically to indicate compatibility with current versions of the CMS.

Hi all! Today I want to talk about a very useful plugin for WordPress that protects us from brute-force hacking (guessing the login and password by exhaustive trial). The plugin is called Login LockDown. Easy to install and configure, the plugin provides protection at a decent level.

There is no function in the WordPress engine itself that would help stop attempts to hack the admin panel, and this is quite a significant disadvantage. Moreover, 90% of new bloggers have the default nickname admin or do not know how to hide their nickname. This plugin makes up for this disadvantage. It is installed in the standard way. In the WordPress console, select Plugins->Add new. Then find Login LockDown in the search and install/activate it. After activating the plugin, go to Settings->Login LockDown.

Login LockDown Settings

So here is a list of parameters that you can edit:

  1. Max Login Retries – this parameter is responsible for the number of login/password entry attempts.
  2. Retry Time Period Restriction (minutes) – this parameter is responsible for the time period for the next attempt. Time is indicated in minutes.
  3. Lockout Length (minutes) – this item blocks access to the blog for a specified time. Blocking occurs after a certain number of unsuccessful attempts to access the site.
  4. Lockout Invalid Usernames – this item is unnecessary for me and should have been enabled by default. This item keeps track of incorrect logins entered, not just passwords.
  5. Mask Login Errors – an item that supposedly hides a notification about incorrect login/password entry. But in principle, if after entering the data you were unable to enter the blog, then it is clear that the login or password is incorrect.
  6. Currently Locked Out – the actual list of IP addresses that were blocked due to exceeding the specified number of entry errors.

The principle of operation of the plugin is simple. The user enters his login/password and makes mistakes 3 times. The plugin blocks this user's IP address and access to the blog for a specified time. That's the whole process of installing and configuring the plugin. At a minimum, we already have “protection from fools” :), but don’t let your guard down. And in general, a little advice: change your passwords every 3-4 months. Try to set complex passwords.

Greetings, colleagues. This article will talk about how to protect your blog on the WordPress engine from hackers and all those with itchy hands. Let's start with the fact that nowadays sites are hacked quite often, especially online stores, even if they are not well-promoted. This is mostly done by hackers and those people who are not hackers, but they also know a couple of methods from their fellows on how to hack this or that site.

Having gained access to the site, they, as a rule, do not set themselves the goal of making a profit from it, as the former owner did. Having hacked a website or blog, they most often turn to its owner for ransom. The price depends on many parameters, ranging from the subject of the site to the number of visitors per day. If the former owner refuses to pay, then the thief simply goes to any buying and selling exchange site, for example, and sells it.

But to be honest, all this is not very profitable. As I wrote earlier, online stores are hacked not because of the site itself, but because of the information that is stored on it, or rather the passwords and plastic card numbers of those people who paid for the goods. But if you have even a simple fishing blog, don’t think that this won’t affect you either. The fact is that the hackers themselves essentially do nothing; for this they have special software (programs) that look for vulnerabilities on your blog.

One of these programs guesses passwords for your admin panel (authorization panel) in order to hack it. If you have a weak password, then you will simply be opened like a tin can in less than a few minutes. For those who realize it too late, it is already too late to think about how to protect the blog, since even if you manage to regain access to it, the hacker will definitely leave some unnoticeable code so that in the future he can enter this site again, as if it were his own home. Therefore, it is better to think about how to protect your blog as much as possible at the initial stages of running your project, because if you do not do this now, then it will be too late. So, in this article I will introduce you to two plugins: login lockdown and limit login attempts, which will reliably protect your brainchild 24 hours a day.

How the Login LockDown and limit login attempts plugin works.

Everything is very simple, as I wrote above, they are trying to guess our password, so let’s limit this pleasure for them. The login lockdown and limit login attempts plugins prevent you from logging in to the site for some time if the password is entered incorrectly. You set the number of attempts and time yourself. They also remember the exact time and IP of the computer from which they tried to hack the site. You can configure plugins so that they themselves send such craftsmen to a ban (black list).

As a result, having made mistakes several times, they were no longer able to continue their attempts, unless, of course, they had a dynamic IP. But under any circumstances they will no longer be able to do this in fast mode. It can even take them months or years to hack such a site, it all depends on the complexity of your password and the settings you specify. So don't worry, they will have to wait until retirement anyway.

Installing and configuring the login lockdown plugin.

Lockout Invalid Usernames – check the box here if you want incorrect login input to be taken into account. That is, in addition to the password, the login will also be checked. This function is needed if you are not blogging alone and there are other users with different names. Even if there are none, we still set Yes.

Mask Login Errors – check the Yes box here if you want errors when entering incorrect data to be masked.

Show Credit Link – here put “No, do not display the credit link” if you want the plugin inscription not to be displayed when entering the admin panel, thereby not giving a hint to thieves what the problem might be.

Currently Locked Out – here you can remove IP addresses that were banned. To do this, check them and click on “Release Selected”. Ok, after you have configured everything, click on “Update Settings”.

Installing and configuring the limit login attempts plugin.

Download the limit login attempts plugin, upload it to the blog and activate it. Go to “Settings” – “Limit Login Attempts”.

Essentially, the limit login attempts plugin is the same as login lockdown only with more advanced settings. In them you can see how many times they tried to hack you. For some owners of websites not even related to money, this figure reaches 8 thousand! You can also set up to be notified by email if a hacking attempt fails. By the way, there is another cool feature that I really liked. You can link the IP of your computer to the admin panel, that is, you can log in to your blog only through your computer.

To enable this function, check the “Yes” box next to – process login cookies. Even if your computer breaks down, it doesn’t matter, just remove the plugin and the protection will go away. Ok, I think you can figure out the rest of the settings yourself; they are in Russian. Concluding this article, I want to say that we have only done a small, but already significant part of protecting our creation, but this is far from the end, so I recommend that you read the next article -.