Search for answers or browse our knowledge base.
Getting Started with Melapress Login Security
Melapress Login Security enables you to set up policies to secure your WordPress login processes. To this end, Melapress Login Security allows you to set up the following policies:
- Password policies
- Failed login attempts policies
- User login times policies
- Inactive users policies
In this guide, we will go through the process of getting started with Melapress Login Security.
Step 1: Install and activate the plugin
Once you’ve purchased the plugin, you will receive an email with your license key and instructions on how to download the plugin file. If you cannot find the email, kindly check your Spam folder.
You can also log in to your My Account page, from where you’ll find downloads, license keys, and invoices, among other things.
You can follow our WordPress plugin installation guide for step-by-step instructions on how to install any of our plugins.
Step 2: Test the email system
Melapress Login Security sends emails on various occasions, including password expiry notifications and password reset links. Therefore, it is important to confirm that your WordPress is able to send and deliver emails.
We have included a test email function that quickly and easily allows you to test email deliverability.
Navigate to Login Security > Settings and then scroll down to Email Test. Click on Send Test Email and ensure you receive it before proceeding forward. The email will be sent to the email address configured in your WordPress user profile.
Step 3: Enable Login Security Policies
Now that you’ve confirmed emails can be sent and received by their intended recipient, it is time to start configuring login policies.
Navigate to Login Security > Login Security Policies and enable the Enable login security policies option.
Step 4: Plan your policies
Once you enable policies, you will notice two tabs titled Site-wide policies and Administrator.
Any policies configured in the Site-wide policies tab apply to all site users. You can configure user role-specific policies through the second tab.
To configure a policy for a specific role, first choose the role you want to configure the policy for by clicking on the arrow next to Role-based policies. You can then choose whether you want to explicitly exclude the role from policies or inherit security policies from the Site-wide policies. Disable both options if you would like to set up user role-specific policies.
Step 5: Configure policies
The policy configuration page is divided into sections. The first section is called Password policies. Here, you’ll find all of the configuration options available to set up password policies. The second section is called User account policies. Here you’ll find all of the configuration options to set up inactive user policies and failed login policies. The third and last section is called Timed login policies which allows you to set time-based login restrictions.
What is a password policy?
A password policy represents a set of requirements that users must meet when setting their password. As the administrator of your WordPress website, you set these requirements through a policy.
- Passwords must be minimum characters – Enter the minimum number of characters a password must have to be valid
- Password must contain at least one uppercase and one lowercase character – Enable this option to make sure passwords include at least one uppercase and one lowercase character to be valid
- Password must contain at least one numeric character – Enable this option to make sure passwords include a minimum of one number character (1-9)
- Password must contain at least one special character – Enable this option to make sure passwords contain at least one special character
- Do not allow these special characters in passwords: Enter any characters you would like to prohibit from being used in passwords
Password Expiration Policy
Use this setting to ensure users set new passwords frequently. To set a password expiration policy, first, choose the magnitude from the drop-down menu and then enter the desired value.
Disallow old passwords on reset
Use this setting to ensure users do not use old passwords following a password reset. Enter the number of previous passwords that a user is not allowed to use.
Reset password on first login
Enable this option to force users to reset their password on their first login.
Disable sending of password reset links
Enable this option to stop WordPress from sending password reset links. Users will need to contact the administrator for a manual reset.
User account policies
In this section, you can configure policies for inactive users, and failed logins
Inactive users policy
The inactive users policy allows you to configure policies to automatically manage inactive user accounts. For example you can configure the period of time that has to pass for a user to be considered inactive, you can require inactive users to reset a password upon unlock and other settings and parameters.
Failed login attempts policy (also known as limit failed login attempts)
The failed login policy allows you to limit failed login attempts. In this section, you can configure the number of failed login attempts before locking a user, the time period required to reset the failed logins count, if a user account is unlocked automatically after a period of time or if it has to be unlocked by the administrator, and several other settings.
Timed login policies
In this section, you can set user login times restrictions.
User login time policy
The user login policy allows you to limit the times during which a WordPress user can log in to your website. In this policy you can configure which days of the week users are allowed to log in, and during which times.
Learn more about Melapress Login Security
Melapress Login Security is jam-packed with features designed to keep your WordPress login as secure as possible. Discover how to do more by exploring our how-tos.