The bot login protection option can be used to protect against brute-force attacks.
A brute-force attack is one of the most common threats faced by site owners. An attacker makes many login attempts in succession, trying various combinations of usernames and passwords on the off chance that one of them works. This is done by bots, not usually by real humans. If you use strong passwords, you’ll be safe, but these bots can still increase the load on your website and slow it down.
Since you can’t necessarily make sure all your members are using strong, unique passwords, use this Memberium feature to increase protection on your site.
Note
This option is available in Memberium v2.180 onwards. If you’re running on an older version, then please update Memberium to the latest version.
Here’s how you can use the bot login protection in Memberium.
Go to Memberium > Settings > Login tab and you’ll find the option for Bot Login Protection.
Both the Basic and Maximum settings add a hidden code to the login form. When a login is submitted, that code is checked to help determine whether it is an automated brute-force attempt or a genuine form submission.
Disabled: Turn off the protection (default).
Basic: The hidden code is relatively static so that it can be safely cached by page caches or reverse proxies. This makes it less effective, since a static code can easily be stored and replayed for multiple login attempts.
This option is safe to be used even on sites where caching is enabled but it will be less effective.
Maximum: The hidden code is randomly generated based on several environmental factors, including the remote IP, making it harder to cache and re-use.
This option provides the most protection but should not be used if the site has caching enabled.
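The difference between the two modes, as an added sketch that is not Memberium's code: this page does not say how the hidden code is computed, so the HMAC construction, the secret, the 10-minute window and every function name below are assumptions chosen for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; stands in for a per-site random key
WINDOW = 600                         # assumed token lifetime in seconds

def _mac(message: str) -> str:
    return hmac.new(SECRET, message.encode(), hashlib.sha256).hexdigest()

def _same(a: str, b: str) -> bool:
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())

def basic_token() -> str:
    """Static value: identical for every visitor, so a page cache can serve it."""
    return _mac("login-form")

def maximum_token(remote_ip: str, now: float) -> str:
    """Value bound to the requesting IP and the current time window."""
    return _mac(f"login-form|{remote_ip}|{int(now // WINDOW)}")

def check_basic(submitted: str) -> bool:
    return _same(submitted, basic_token())

def check_maximum(submitted: str, remote_ip: str, now: float) -> bool:
    # Accept the current and previous window so a form loaded just before a
    # window boundary still validates.
    return any(_same(submitted, maximum_token(remote_ip, now - age))
               for age in (0, WINDOW))

def demo() -> dict:
    t0 = 1_700_000_000.0                             # constructed timestamp
    visitor, other = "203.0.113.10", "198.51.100.7"  # documentation-range IPs
    bound = maximum_token(visitor, t0)
    return {
        "no_hidden_field": check_basic(""),              # POST that never loaded the form
        "basic_reused": check_basic(basic_token()),      # stored once, valid everywhere
        "max_same_visitor": check_maximum(bound, visitor, t0 + 60),
        "max_other_ip": check_maximum(bound, other, t0 + 60),  # replay, or a cached page
        "max_expired": check_maximum(bound, visitor, t0 + 3 * WINDOW),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} accepted={accepted}")
```

The `max_other_ip` rejection is also the caching failure mode: a page cached for one visitor carries a code that will not validate for the next one.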
Additional Tips
- Do NOT use admin, admin1, techsupport, siteadmin or sitemanager as your username. These are the most common usernames found on WordPress sites and are very easy to guess.
- Use a complex, hard-to-guess password. Do not use common passwords such as 12345678, password1234, abcdefg or password. Use a password with uppercase, lowercase and special characters.