MelaPress Login Security enables you to set up policies to secure your WordPress Login Processes. To this end, MelaPress Login Security allows you to set up the following policies:

• Password policies
• Failed login attempts policies
• Inactive users policies

In this guide, we will go through the process of getting started with MelaPress Login Security.

Step 1: Install and activate the plugin

Once you’ve purchased the plugin, you will receive an email with detailed instructions on how to download the plugin file and your license key. If you cannot find the email, kindly check your Spam folder.

You can also log in to your My Account page, from where you’ll find downloads, license keys, and invoices, among other things.

You can follow our WordPress plugin installation guide for step-by-step instructions on how to install MelaPress Login Security

Step 2: Test the email system

MelaPress Login Security sends emails on various occasions, including password expiry notifications and password reset links. Therefore, it is important to confirm that your WordPress is able to send and deliver emails.

We have included a test email function that quickly and easily allows you to test email deliverability.

Navigate to Login Security > Settings and then scroll down to Email Test. Click on Send Test Email and ensure you receive it before proceeding forward. The email will be sent to the email address configured in your WordPress user profile.

Step 3: Enable Login Security Policies

Now that you’ve confirmed emails can be sent and received by their intended recipient, it is time to start configuring login policies.

Navigate to Login Security > Login Security Policies and enable the Enable password & login security policies option.

Step 4: Plan your policies

Once you enable policies, you will notice two tabs titled Site-wide policies and Administrator.

Any policies configured in the Site-wide policies tab apply to all site users. You can configure user role-specific policies through the second tab.

 

You can then choose whether you want to explicitly exclude the role from policies or inherit security policies from the Site-wide policies. Disable both options if you would like to set up user role-specific policies.

Step 5: Configure policies

The policy configuration page is divided into sections. The first section is called Password policies. Here you’ll find all of the configuration options available to set up password policies. The second section is called User account policies. Here you’ll find all of the configuration options to set up inactive user policies and failed login policies.

Password Policies

What is a password policy?

A password policy represents a set of requirements that users must meet when setting their password. As the administrator of your WordPress website, you set these requirements through a policy.

• Passwords must be minimum characters – Enter the minimum number of characters a password must have to be valid
• Password must contain at least one uppercase and one lowercase character – Enable this option to make sure passwords include at least one uppercase and one lowercase character to be valid
• Password must contain at least one special character – Enable this option to make sure passwords contain at least one special character
• Do not allow these special characters in passwords: Enter any characters you would like to prohibit from being used in passwords

Password Expiration Policy
Use this setting to ensure users set new passwords frequently. To set a password expiration policy, first, choose the magnitude from the drop then menu, then enter the value.

Disallow old passwords on reset
Use this setting to ensure users do not use old passwords following a password reset. Enter the number of previous passwords that a user is not allowed to use.

Reset password on first login
Enable this option to force users to reset their password on their first login.

Disable sending of password reset links
Enable this option to stop WordPress from sending password reset links. Users will need to contact the administrator for a manual reset.

User account policies

In this section, you can configure policies for inactive users and failed logins.

Inactive users

Inactive users policies allow you to configure policies to automatically manage inactive user accounts.

Disable inactive user accounts if they are inactive for more than
Enable this setting to automatically disable user accounts that have been inactive for a period of time. Define the period of time by selecting the magnitude from the drop then menu, then enter the value

Require inactive users to reset password on unlock
Enable this setting to require users whose account has been deactivated to reset their password upon reactivation.

Display the following message when a user has been deactivated
Enter the message you would like the user to see upon account reactivation

Failed login policies

Failed login policies allow you to limit failed login attempts.

Number of failed login attempts before locking a user: Enter the number of allowed failed login attempts before a user account is locked out

Time period required to reset the failed logins count: This setting allows you to specify over what period of time the plugin will keep a record of failed login attempts. For example, if you enter 1440 minutes, the plugin will keep tallying the number of failed logins for 24 hours, starting from the time of the first failed login. Once the time period elapses, the counter will reset to 0.

When a user is locked: This setting allows you to specify what happens after a user account is locked out for too many failed login attempts.

It can be only unlocked by the administrator: Choose this option if you want an administrator to manually unlock the account

Unlock it after minutes: Choose this option if you want the account to unlock automatically after an amount of time has passed. Enter the number of minutes you would like to wait before a locked account is unlocked.

Require blocked users to reset password on unblock: Enable this option if you want to require users to reset their password after it’s unlocked.

Learn more about MelaPress Login Security

MelaPress Login Security is jam-packed with features designed to keep your WordPress login as secure as possible. Discover how to do more by exploring our how-tos.