MelaPress Login Security Plugin

IMPLEMENT CUSTOMIZED SECURE WORDPRESS LOGIN POLICIES WITH EFFICIENCY

Achieve better WordPress login and password security through policies that put you firmly in the driver’s seat. With high customizability and granularity, login security policies can be implemented by user role or site-wide for complete control over the security of your websites’ login process.

FEATURES & BENEFITS | UPGRADE TO PREMIUM | GETTING STARTED

Use the free edition of Melapress Login Security to implement WordPress password minimum length and complexity. The plugin also allows you to set expiration policies, prevent users from recycling old passwords, limit failed login attempts, and automatically disable inactive user accounts, among other things.

MAINTAINED & SUPPORTED BY MELAPRESS

Melapress builds high-quality WordPress security & admin plugins such as WP 2FA, CAPTCHA 4WP,and WP Activity Log, the #1 user-rated activity log plugin for WordPress.

Visit our website to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.

Features

Ensure your WordPress users use the most secure password policies through the following plugin features:

Features list

• Limit failed login attempts and automatically disable user accounts after a number of failed login attempts
• Change the login page URL (and set a 404 for the old page)
• Set policies by role or site-wide
• Provide users with helpful instructions during password configuration to meet set policy
• Set minimum password length
• Mandate the use of upper and lower case characters, numeric digits, and special characters
• Set an automatic password expiration policy (also advise users when password is about to expire)
• Disallow users from recycling old passwords
• Disable password reset links
• Mandate WordPress password reset on the first login
• Define policy priority for users with multiple roles
• Reset all users’ passwords with just one click
• Add a GDPR consent notice to the login page (required by GDPR & PCI DSS compliance)

Upgrade to Melapress Login Security and get more

The premium edition of Melapress Login Security comes bundled with even more features, which enable you to take your WordPress website login security to the next level. Disable inactive WordPress user accounts and force passwords to be reset once accounts have been unlocked. Inactive accounts can be managed within a single dashboard for increased efficiency and faster response times. Moreover, you can set accounts to be locked out after a number of failed login attempts and customize the duration and method of unlocking them.

Features list

• Everything in the free version
• One-click integration with third-party plugins such as WooCommerce, LearnDash, Memberpress, and many others
• Automatically disable inactive WordPress users after a set time
• Add Geo-blocking rules to restrict login page traffic to specific countries, or block traffic from specific countries
• Restrict every user’s login to an IP address, or a configurable number of IP addresses
• Restrict WordPress users’ login time by day and/or hours
• See reports of when users were last active, what’s their password age, and whose password is expired
• Receive detailed weekly summary reports over email of password resets and changes, user account lockouts, and more

Free and premium support

Support for MelaPress Login Security is free on the WordPress support forums.

Premium world-class support is available via email to all Melapress Login Security users

Note: Customer support for customers on a premium plan is given priority and is provided via one-to-one email. Upgrade to premium to benefit from priority support.

For any other queries, feedback, or if you simply want to get in touch with us, please use our contact form.

Further reading and documentation

You can find more detailed information about WordPress website security, password security and user management, security best practices, and much more in the recommended reads linked below.

WordPress Password Policy: Enforcing strong passwords
WordPress security & hardening – the definitive guide
The definitive guide to WordPress security plugins

Install the plugin from within WordPress

1. Navigate to Plugins > Add New
2. Search for “Melapress Login Security”
3. Install & activate Melapress Login Security from your Plugins page

Install the plugin manually (via file upload)

1. Download the plugin from the WordPress plugins repository
2. Unzip the zip file and upload the folder to the /wp-content/plugins/ directory
3. Activate the Melapress Login Security plugin through the Plugins page in WordPress

1. 

   The configurable login security policies in the plugin.

2. 

   The plugin is highly configurable, allowing you to fine tune the plugin's functionality to fit your requirements.

3. 

   You can configure different login security policies for every user role, or exclude the role from the policies, or simply inherit the site-wide policies for every role.

4. 

   Change the login page URL as a security hardening technique, and also add a GDPR consent message, which is required by PCI DSS and GDPR compliance regulations.

5. 

   In the Premium edition you can also limit the traffic to the login page by country or a number of countries.

6. 

   Users are notified when their password expires.

7. 

   It is very easy for a user to know what their password should include or not because the policies which are not met when setting a new password are highlighted in red.

8. 

   In the Premium edition you can also restrict the number of IP addresses a user can log in from, allowing you to easily control account sharing and boost user security.

9. 

   In the Premium edition the Reports allow you to see the last time users were active, the last time they reset their password, and those users with an expired password.

1.3.1 (2024-05-30)

• New features

  • New GDPR consent message on the login page (this is a new optional setting and the admins can also edit the message).
  • New shortcode to add the GDPR consent message to any custom login page.
  • Password expiry notification: users can now be notified via a notice in the dashboard prior to their password expiring.

• Plugin improvements

  • Added some more links to plugin’s documentation in the plugin’s help text.
  • Added in-dashboard notification to advise users what is new and improved in the plugin with each update.
  • Enhanced Notification System: Improved the overall infrastructure of the plugin’s notification system.
  • Created a new “User Management” page and centralized the “Locked Users” and “User import/export” in this new section, for a better UX.
  • Updated some settings to ensure they all use the same prefix in the database settings table.
  • PHP Function Tweaks: Adjusted some PHP functions to prevent potential errors when timed login policies are active.

• Bug fixes

  • Fixed an edge case in which a fatal error is caused when unlocking a locked user and both the Free and Premium editions are installed.
  • Security patch: fixed a low severity security issue reported by YC_Infosec.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of Melapress Login Security.