How can we help?

Search for answers or browse our knowledge base.

Table of Contents

Getting Started with Melapress Login Security

Melapress Login Security enables you to set up policies to secure your WordPress login processes. To this end, Melapress Login Security allows you to set up the following policies:

  • Password policies
  • User account and session policies
  • User login policies

In this guide, we will go through the process of getting started with Melapress Login Security.

Do note that login page hardening settings are covered separately.

Step 1: Install and activate the plugin

Once you’ve purchased the plugin, you will receive an email with your license key and instructions on how to download the plugin file. If you cannot find the email, kindly check your Spam folder.

Alternatively, you can also log in to your My Account page, from where you’ll find downloads, license keys, and invoices, among other things.

You can follow our WordPress plugin installation guide for step-by-step instructions on how to install any of our plugins.

To get started with the free version of Melapress Login Security, download the plugin from the WordPress repository. 

First, log in to your WordPress site, and navigate to Plugins > Add New Plugin. Click the Add New Plugin button and then search for Melapress Login Security in the Search Plugins search box as highlighted in the screenshot below. Next, click Install Now and once installed, activate the plugin.

Step 2: Test the email system

Melapress Login Security sends emails on various occasions, including password expiry notifications and password reset links. Therefore, it is important to confirm that your WordPress is able to send and deliver emails.

We have included a test email function that quickly and easily allows you to test email deliverability.

Navigate to Login Security > Settings and then scroll down to Email Test. Click on Send Test Email and ensure you receive it before proceeding forward. The email will be sent to the email address configured in your WordPress user profile.

Step 3: Enable Login Security Policies

Now that you’ve confirmed emails can be sent and received by their intended recipient, it is time to start configuring login policies.

Navigate to Login Security > Login Security Policies and enable the Enable login security policies option.

Step 4: Plan your policies

Once you enable policies, you will notice two tabs titled Site-wide policies and Role-based policies.

Any policies configured in the Site-wide policies tab apply to all site users. The Role-based policies tab, on the other hand,  allows you to configure role-specific policies.

To configure a policy for a specific role, first choose the role you want to configure the policy for by clicking on the arrow next to Role-based policies. You can then choose whether you want to explicitly exclude the role from policies or inherit security policies from the Site-wide policies. Disable both options if you would like to set up user role-specific policies.

Step 5: Configure policies

The policy configuration page is divided into sections as follows: 

  • The first section is called Password policies. Here, you’ll find all of the configuration options available to set up password policies. 
  • The second section is called User account & session policies. Here, you’ll find all of the configuration options to set up inactive user policies, session policies, unrecognized devices policies, and security questions. 
  • The third and last section is called User login policies, which allows you to set various login restrictions.

Password Policies

What is a password policy?

A password policy represents a set of requirements that users must meet when setting their password. As the administrator of your WordPress website, you set these requirements through a policy.

First, check the Activate password policies checkbox, and then configure the policy as follows:

  • Passwords must be minimum characters – Enter the minimum number of characters a password must have to be valid
  • Password must contain at least one uppercase and one lowercase character – Enable this option to make sure passwords include at least one uppercase and one lowercase character to be valid
  • Password must contain at least one numeric character – Enable this option to make sure passwords include a minimum of one number character (1-9)
  • Password must contain at least one special character – Enable this option to make sure passwords contain at least one special character
  • Do not allow these special characters in passwords: Enter any characters you would like to prohibit from being used in passwords

Password Expiration Policy

Use this setting to ensure users set new passwords frequently. To set a password expiration policy, first, check the Activate password expiration policies checkbox.

Next, choose the magnitude from the drop-down menu and then enter the desired value.

When you configure the password expiration policy, you can also configure the plugin to notify users when their passwords are about to expire.

Disallow old passwords on reset

Use this setting to ensure users do not use old passwords following a password reset. Check the Activate password recycle policies checkbox and then enter the number of previous passwords that a user is not allowed to use.

Reset password on first login

Check the Reset password on first login checkbox to enable this option and force users to reset their password on their first login.

Check the Do not send password reset links checkbox to enable this option and stop WordPress from sending password reset links. Users will need to contact the administrator for a manual reset should they forget their password.

User account and session policies

In this section, you can configure policies for user accounts and sessions.

Enable Inactive users policy

Check the Activate Inactive Users policies checkbox to enable this option and automatically manage inactive user accounts. 

Next, choose the period of inactivity required before an account is considered inactive and disabled. Choose the magnitude from the drop-down menu and enter a value in the text field.

You can also require inactive users to reset their password when they are unlocked. This policy is enabled by default. You can disable it by unticking the checkbox next to Require inactive users to reset password on unlock.

Lastly, you can choose to block password reset requests from users with locked accounts due to inactivity. Tick the checkbox next to Block Password reset requests from deactivated users (see locked users list) to activate this setting.

Activate the session policies

Session policies allow you to manage how long WordPress session cookies are valid for. Tick the checkbox next to Activate session policies to enable to policy.

By default, WordPress session cookies are valid for 2 days. You can change this setting by choosing the magnitude from the drop-down menu and entering a value in the text field next to Set the standard session cookie expiration time.

You can also change how long WordPress remembers users by choosing the magnitude from the drop-down menu and entering a value in the text field next to Set the “Remember me” session cookie expiration time.

Unrecognized devices policy

The Unrecognized devices policy keeps a record of users’ devices and alerts you whenever they log in with an unrecognized device. To enable this option, tick the checkbox next to Activate user unrecognized devices policy.

To receive an email whenever a user logs in with an unrecognized device, tick the checkbox next to Send an email to the site’s admin in the event of a terminated session. The email will be sent to the email address associated with the site’s admin user.

Security questions

Security questions in WordPress add an authentication layer whenever the user wants to perform a specific task. This ensures that the user is who they say they are. Available actions include resetting the password and enabling a deactivated account. To enable this policy, tick the checkbox next to Activate Security questions.

Next, choose when you would like users to answer security questions. Available options are:

  • When requesting a password reset: Tick the checkbox next to Require security question to initiate a password reset
  • When enabling a locked account: Tick the checkbox next to Require security question to enable a disabled account

Next, choose how many questions and answers each user for whom the policy applies must have saved. Users then have to answer one security question from the list of saved questions and answers.

Enter the minimum number of answers you require users to have in the Users must have at least pre-saved questions and answers field.

Lastly, you can add additional questions by clicking on the Add question button and typing in your question. To disable any of the preconfigured questions, click on the Disable option next to the question you want to remove.

User login policies

Restrict username/email address login

You can restrict which credentials users use to log in. By default, WordPress allows users to log in using either their email address or their username. Using this policy, you can choose to let users log in with either or just one of the options.

  • To allow users to log in with either option, tick the radio button next to Users can log in with either their username or email address
  • To only allow users to log in with their email address, tick the radio button next to Users can log in with their email address only
  • To only allow users to log in with their username, tick the radio button next to Users can log in with their username only

Restrict user login times

You can restrict user login times to limit when WordPress users can log in to your website. With this setting, you can configure which days of the week users are allowed to log in, and during which times.

  1. First, tick the checkbox next to Activate restricted user login times
  2. Next, untick the days of the week during which users are not allowed to log in
  3. Lastly, specify the times during which users can log in to

Limit the IP addresses users can log in from

The IP address restrictions policy enables you to limit the IP addresses WordPress users can log in from. Here you can set the number of different IPs users can log in from..

  1. Tick the checkbox next to the Activate IP addresses restrictions 
  2. Enter the number of different IP addresses a user can log in from in the Allow users to log in from different IP addresses

To customize the notification users see if they try to log in from an IP that is not on the list, navigate to Settings > User notification templates and modify the template User attempts login from a restricted location.

Failed login policies

Failed login policies enable you to limit login attempts by automatically locking accounts after a preset number of failed attempts. To enable this policy, first tick the checkbox next to Activate failed login policies and then configure the below:

  • Number of failed login attempts before the User account is locked: Enter the number of attempts a user is allowed to try to log in to the website, before being locked out.
  • Time required to reset the failed login count to 0: How long the plugin keeps a record of failed login attempts, in minutes.

When a user is locked: 

It can only be unlocked by the administrator: Choose this option to manually unlock locked accounts.

Unlock it after minutes: Choose this option to automatically unlock user accounts. Enter the number of minutes that must pass before the account is automatically unlocked.

Require blocked users to reset password to unblock: Tick this option to require unblocked users to reset their password on their next log in.

What’s next?

Now that you’ve set up login policies, it’s time to focus on your WordPress login page hardening with Melapress Login Security for even better security.

Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2