iThemes Security Pro lockouts are a way to harden your website against external attacks, including WordPress brute force attacks. In this guide, we’ll cover iThemes Security Pro lockouts and how to use them.
Keep reading for tips to avoid the dreaded lockout screen (in case you or your client has accidentally locked yourself out of your website) and how to release the lockout if it’s triggered. (Locked out? Get the release lockout solution now!)
What Types of iThemes Security Pro Lockouts Are There?
There are multiple ways a lockout can be triggered using the iThemes Security Pro plugin.
The 4 types of iThemes Security Pro lockouts:
1. Host Lockout
A Host Lockout is when someone using the same IP address makes repeated incorrect login attempts.
Set the number of attempts before an IP address is blocked in Security > Settings > Local Brute Force Protection. In the image below, you can see the Max Login Attempts Per Host are set to 5.
In Security > Settings > Global Settings, you can determine what the locked out host will see as a reason for the lockout. The default is set to display a bolded error message.
You can use HTML in your message. Allowed tags include: a, br, em, strong, h1, h2, h3, h4, h5, h6, div.
2. User Lockout
A User Lockout is when a username belonging to an existing user is used for multiple incorrect login attempts.
You can set the number of attempts before a user is blocked in Security > Settings > Local Brute Force Protection. In the image below, you’ll see the Max Login Attempts Per User are set to 2.
This article was written by Rebecca Diamond and originally published on WordPress News and Updates from iThemes – iThemes.