Login Limiter Pro

We recently released Login With AJAX 4.0 along with Pro 1.0, including this whole documentation site. This page is incomplete and contains basic/general information to get you started; we are currently working on our documentation for this feature. Bear with us!

Visit the WP Dashboard > Settings > Login With AJAX > Security tab on our settings page to see the available security features when you install our Pro add-on.

Recommended Setup

Each site will have its own security needs. Whilst we cannot provide a catch-all recommendation, the following is a general recommendation that would likely provide a pretty good security policy.

We recommend you set yourself up with the following structure, enabling all our security features so that they work together:

  • reCaptcha v3 with a high sensitivity (0.8 to 0.9), which would trigger 2FA verification for a low score.
  • 2FA verification, required every 30 days.
  • Login Limiter, 3 attempts with no timeframe, unblock with a 2FA verification.

The setup above strikes a balance, providing security measures without intruding on your users or creating excessive friction whilst they log in. You can adjust any or all of these settings to find the balance appropriate to your site and needs, such as the reCaptcha sensitivity, the number of days until 2FA re-verification, the login attempts allowed, etc.

Remember, these features are not exhaustive and do not mitigate all sorts of attacks. For example, they do not prevent attackers from repeatedly hitting your server (such as in a DDoS). This is one layer of security which you can incorporate into your entire security policy.

We recommend exploring other security practices, such as installing a WAF (Web Application Firewall), which would help prevent other kinds of attack.