Bot Login Protection

The bot login protection option can be used to protect against brute-force attacks.

A brute-force attack is one of the most common threats faced by site owners. An attacker makes many login attempts in succession, trying various combinations of usernames and passwords on the off chance that one of them works. These attempts are made by bots, not usually by real humans. If you use strong passwords, you'll be safe, but these bots can still increase the load on your website, slowing it down.

Since you can’t necessarily make sure all your members are using strong, unique passwords, use this Memberium feature to increase protection on your site.

Note

This option is available in Memberium v2.180 onwards. If you’re running on an older version, then please update Memberium to the latest version.

Here’s how you can use the bot login protection in Memberium.

Go to Memberium > Settings > Login tab and you’ll find the option for Bot Login Protection.

Both Basic and Maximum settings add a hidden form code to the login form. That code is checked when the login is submitted to attempt to determine if the login is an automated brute force login, or an actual form submission.

Disabled: Turn off the protection (default).

Basic: The hidden code is relatively static so that it can be safely cached by page caches or reverse proxies. This makes it less effective, since a static code can easily be stored and replayed for multiple login attempts.

This option is safe to be used even on sites where caching is enabled but it will be less effective.

Maximum: The hidden code is randomly generated based on several environmental factors, including the remote IP, making it harder to cache and re-use.

This option provides the most protection but should not be used if the site has caching enabled.
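
The trade-off between Basic and Maximum, as an added Python sketch that is not Memberium's code: the page does not document how the plugin builds its hidden code, so the HMAC construction, the secret, the user-agent factor and the 10-minute window are assumptions. It shows why a static code survives page caching and why a code bound to the remote IP does not.

```python
import hashlib
import hmac

SECRET = b"constructed-site-secret"   # assumption: per-site secret key
WINDOW = 600                          # assumption: validity window in seconds


def _mac(*parts: str) -> str:
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def basic_code() -> str:
    """Static code: identical for every visitor, so a cached page stays valid."""
    return _mac("login-form")


def maximum_code(remote_ip: str, user_agent: str, now: int) -> str:
    """Code bound to the requesting client and to a time window."""
    return _mac("login-form", remote_ip, user_agent, str(now // WINDOW))


def check_basic(submitted: str) -> bool:
    return hmac.compare_digest(submitted, basic_code())


def check_maximum(submitted: str, remote_ip: str, user_agent: str, now: int) -> bool:
    # Accept the current and previous window so a form rendered just before
    # a window boundary still submits successfully.
    return any(
        hmac.compare_digest(submitted, maximum_code(remote_ip, user_agent, t))
        for t in (now, now - WINDOW)
    )


def demo() -> dict:
    # Constructed sample clients (documentation address ranges).
    alice = ("203.0.113.10", "Mozilla/5.0")
    other = ("198.51.100.7", "Mozilla/5.0")
    t0 = 1_700_000_000
    page_for_alice = maximum_code(*alice, t0)
    return {
        "basic_same_for_everyone": check_basic(basic_code()),
        "max_same_client": check_maximum(page_for_alice, *alice, t0 + 60),
        # A page cache that stores Alice's form and serves it to another
        # visitor hands out a code that fails, so real users are rejected.
        "max_cached_for_other_ip": check_maximum(page_for_alice, *other, t0 + 60),
        "max_after_expiry": check_maximum(page_for_alice, *alice, t0 + 3 * WINDOW),
    }
```
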

Additional Tips

  • Do NOT use admin, admin1, techsupport, siteadmin, sitemanager as your username. These are the most common usernames found on WordPress sites and are very easy to guess.
  • Use a complex, hard-to-guess password. Do not use very common passwords such as 12345678, password1234, abcdefg, or password. Use a password with uppercase, lowercase and special characters.