Security of login forms

  • Author
      • February 23, 2021 at 5:21 am #3525721

        Hello David

        I’m just redesigning my login page a little bit. Doing this, I was wondering how secure the login form should be.

        Should I use reCaptcha?
        What about brute-force and how to set it enough secure but not annoying for my customers?
        And other security aspects?

        Which plugins/functions do you use on your login page?

        And with which parameters are they set up? (like e.g. allowed logins with error only 5 times per 10min)

        Thanks for your reply.

        • February 23, 2021 at 5:21 am #3525729

          I wouldn’t put reCaptcha on there unless a problem arises. In all likelihood, you won’t experience an issue on your login, but reCaptcha has a 100% chance of annoying people when they try to log into your site.

          I don’t do anything special with mine. I change the URL using a plug-in called WPS Hide Login, that way they’re not accessing the default WordPress login script.

          Throttling their login attempts would be enough to ward off a brute force attack, if you’re worried about that.

            • February 23, 2021 at 5:21 am #3525844

              Thanks David.

              Yes, reCaptcha can really be annoying in my eyes too. I always hate to see it, when I login on a website.

              Then I would say, everything is already fine with my actual set up. Great! 🙂

        • You must be logged in to reply to this topic.