Login Limiter Pro
We recently released Login With AJAX 4.0 along with Pro 1.0, including this whole documentation site. This page is incomplete and contains basic/general information to get you started, we are currently working on our documentation for this feature. Bear with us!
WP Dashboard > Settings > Login With AJAX > Security tab on our settings page to see the availble security features when you install our Pro add-on:
Each site will have its own security needs. Whilst we cannot provide a catch-all recommendation, this is a general recommendation which would likely provide a pretty good security policy.
We recommend you set yourself up with the following structure, enabling all our security features so that they work together:
- reCaptcha v3 with a high sensitivity (0-8 to 0.9) which would trigger 2FA verification for a low score.
- 2FA verification, required every 30 days.
- Login Limiter, 3 attempts with no timeframe, unblock with a 2FA verification.
This setup above will strike a balance of providing security measures without intruding or creating excessive friction to your users whilst logging in. You can play with any or all of these settings to find the balance appropriate to your site and needs, such as the reCaptcha sensitivity, 2FA days until re-verification, login attempts allowed etc.