How can we help?

Search for answers or browse our knowledge base.

Table of Contents

Wordress login page hardening settings

Melapress Login Security enables you to harden your WordPress login page. Built on industry best practices, the plugin includes several options, each of which works independently, ensuring you can set up the security options that work best for you. 

To access the login page hardening options, navigate to Login Security > Login page hardening. Here you will find all login page hardening options, as listed below:

Change the login page URL

Hiding your WordPress login URL is a security tactic known as security-by-obscurity. It is a passive security method that aims to make it more difficult for bad actors to find your login page.

First, find the Change the login page URL section at the very top of the page. Next, enter the following:

  • Login page URL: Enter the new login page URL here
  • Old login page URL redirect: To redirect users trying to access the old login page, enter the redirect URL he

When choosing a new login page URL, consider using something that does not stand out for maximum effectiveness. Once ready, scroll down to the bottom of the page and click on Save Changes to apply the new settings.

Limit login page access by IP address(es)

You can limit access to the login page to select users by including their IP address in an allowlist (whitelist). Any users whose IP address does not match any of the IPs on the list will be automatically redirected to a page of your choosing.

To limit login page access by IP addresses, first, tick the checkbox next to Restrict login page access by IP address(es).

Next, enter each IP address you would like to grant access to and click the Add IP button to add them to the list.

Once that is done, specify the URL you would like to redirect restricted IPs to by entering the slug in the Redirect restricted IP address to.

Lastly, you can enter a fallback URL which you can use in case of emergencies, such as a sudden change in IP address. Through this fallback URL, you will be able to bypass the IP address restrictions on the login page. To add this optional setting, enter the slug in the text field next to the Bypass IP restriction URL option.

To ensure you’re GDPR compliant at all times, Melapress Login Security offers the facility to add a GDPR notice on the login page. Since IP addresses are processed by the plugin to determine access whenever such a policy is active, activating this notice ensures processes remain above board.

To enable the consent message on the login page, first, tick the checkbox next to Enable consent message on login page.

The plugin comes with a default message, which you’ll find in the Consent message section. This message is editable so you can make any changes you might see fit.

Block or allow access to the login page by countries

When limiting access based on geographical location, the plugin uses the user’s IP to determine their location. It will then apply the rules you set in the policy to either grant or deny access to the page.First, you need to get an IPLocate API key. If you have previously set up an IPLocate account to use with CAPTCHA 4WP, you can use the same API key.

Step 1: Configure IPLocate API Key

IPLocate offers a free plan that includes up to 1,000 verifications per day. You can set up your account by visiting IPLocate.io and registering for a new account.

Follow the instructions provided by IPLocate to get your key. Once done, log in to your WordPress dashboard, navigate to Login Security > Settings, and then click on the Integrations tab.

Enter your API Key in the textbox and click on Save Changes.

Step 2: Configure login page geo-blocking

With the API key in place, we can now go ahead and configure geo-blocking for the WordPress login page.

Navigate to Login Security > Login page hardening.

Scroll down until you see the Block or allow access to the login page by countries section and configure the below fields:

  • Country Codes: Enter the ISO country codes of the locations that you would like to block or allow
  • Action: Choose whether you want to:
    • Do nothing: Turns off the feature
    • Allow access from the above countries only: Limits login page access to users with an IP from the country or countries configured in ‘Country Codes’ and blocks everyone else.
    • Block access from the above countries: Blocks login page access to users with an IP from the country or countries configured in ‘Country Codes’ and allows everyone else.
  • Login Blocked Redirect URL: Choose which page you want to redirect blocked users to.

Once ready, click on Save Changes to apply the new settings.

Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2