Bot Login Protection

This Article Applies to

The bot login protection option can be used to protect against brute-force attacks.

A brute force attack is one of the most common threats faced by site owners. Many attempts in succession are made trying various combinations of usernames and passwords on the off chance one of them might work. This is all done with bots and not usually real humans. If you use strong passwords, you’ll be safe, but these bots can increase the load on your website slowing it down.

Since you can’t necessarily make sure all your members are using strong, unique passwords, use this Memberium feature to increase protection on your site.

Note

This option is available in Memberium v2.180 onwards. If you’re running on an older version, then please update Memberium to the latest version.

Here’s how you can use the bot login protection in Memberium.

Go to Memberium > Settings > Login tab and you’ll find the option for Bot Login Protection.

bot Login protection

Both Basic and Maximum settings add a hidden form code to the login form. That code is checked when the login is submitted to attempt to determine if the login is an automated brute force login, or an actual form submission.

Disabled: Turn off the protection (default).

Basic: The hidden code is relatively static so that it can be safely cached by page caches, or reverse proxies. This makes it less effective since a static code can be easily stored and replayed for multiple login attempts.

This option is safe to be used even on sites where caching is enabled but it will be less effective.

Maximum: The hidden code is randomly generated based on several environmental factors, including the remote IP, making it harder to cache and re-use.

This option provides the most protection but should not be used if the site has caching enabled.

Additional Tips

  • Do NOT use admin, admin1, techsupport, siteadmin, sitemanager as your username. These are the most common usernames found on WordPress sites and are very easy to guess.
  • Use a complex and hard to guess password. Do not use passwords like 12345678, password1234, abcdefg, password, and such which are very common. Use a password with uppercase, lowercase and special characters.
  • Was this Helpful?
  • YesNo
9 ways to add more value to your membership site

Table of Contents

This Article Applies to

Keep Reading

Default Excerpt

When a user visits a page that they do not have access granted to, one of several results can happen based on how you setup the page. This setting controls how excerpts are generated and displayed in your system. When a visitor reaches a page Excerpt, the system will first attempt to display the Excerpt defined for that particular page. If no Excerpt is defined, the system will display the “Default Excerpt”. If neither Excerpt is defined, nothing will be displayed.

Read More »

Want to get some fresh ideas on how you can improve your membership site or course?

Download our free ebook!

Book a Call

Welcome to Memberium!

We are very excited for you to be part of our family. 

We would love to answer any questions that you have!

Please choose the best time for you to get in a call with us. 

For Technical Support, you can contact us at https://keap.memberium.com/support/ or Email us at support@memberium.com.