It was, until recently, one of the plugins that I listed on by top 5 plugins. However, after some playing with the plugin I am afraid that I am removing from my list. It just doesn’t live up to the promises that it makes.

Not on my installations anyway. Feel free to let me know though if you have it working!

First, it did not create the table that it needed during the installation process. This was easily remedied even if the plugin never told me that it was not recording failed login attempts.

And, once the table was created it did indeed lockout the wp-login.php page. But, by simply submitting the login request to the wp-admin page instead, I could still login!

This is obviously a huge failing. I would simulate the three failed logins, be logged out, go to the wp-admin page and then login quite happily. I tried the process again and the same happend. I even checked the table in case I was given a new IP address during the attempts, but the same IP address was recorded all 6 times.

Whether it stops anyone getting on with a script I am doubtful. Without writing a bulk login script to test it out I do not know for certain. But I am very dubious.

Sadly, it looks like I might be back to the dreaded security plugin that I have just removed that validates every IP address. There has to be something better for me to use!

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)