Security Ninja offers several methods for protecting your login form.
Navigate to the Firewall tab and scroll down to the Login Form Protection section.
Protect the login form
You can disable the login protection if you are debugging an issue, but we recommend you keep the feature enabled in general.
Login notice
You can write a custom message to people trying to log in to your website. The default message is “Warning: Multiple failed login attempts will get you banned.”
Auto-ban rules for failed login attempts
Many websites are bombarded with login attempts, and Security Ninja can automatically ban bots hitting your login form too aggressively. This reduces the load on the server.
By default, any IP that fails to log in (wrong username or password) 5 times within 5 minutes is automatically banned for 2 hours.
You can tweak these settings to ban IPs for a longer time, and you can also change the number of failed attempts allowed before an IP is blocked.
Be careful if your website has many real users logging in and out. Overly strict limits could block real users who need more than a few tries to remember their password.
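The default rule above, replayed over constructed login events to show how a stricter threshold affects a real user. This is an added illustration, not Security Ninja's own code; the sliding-window counting, the function name simulate and the sample IP addresses are assumptions made for this example.

```python
from collections import defaultdict, deque

# Defaults quoted on this page; the plugin lets you change them.
MAX_FAILS = 5          # failed logins before a ban
WINDOW_S = 5 * 60      # counted within this many seconds
BAN_S = 2 * 60 * 60    # ban duration in seconds

# Constructed sample: (unix-style timestamp, ip, login_succeeded)
BOT, USER = "203.0.113.7", "198.51.100.20"
SAMPLE = [(t, BOT, False) for t in range(0, 200, 10)]         # 20 rapid failures
SAMPLE += [(1000, USER, False), (1030, USER, False),
           (1060, USER, False), (1090, USER, True)]           # 3 typos, then success


def simulate(events, max_fails=MAX_FAILS, window_s=WINDOW_S, ban_s=BAN_S):
    """Replay login events and return {ip: [(ban_start, ban_end), ...]}.

    Assumed semantics (not taken from the plugin): a sliding window, the ban
    starts on the attempt that reaches max_fails, and attempts made while an
    IP is banned are rejected without being counted.
    """
    fails = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}            # ip -> time the current ban ends
    bans = defaultdict(list)
    for ts, ip, ok in sorted(events):
        if ts < banned_until.get(ip, 0) or ok:
            continue             # banned, or a successful login: nothing to count
        recent = fails[ip]
        recent.append(ts)
        while ts - recent[0] >= window_s:
            recent.popleft()     # drop failures older than the window
        if len(recent) >= max_fails:
            banned_until[ip] = ts + ban_s
            bans[ip].append((ts, ts + ban_s))
            recent.clear()
    return dict(bans)


if __name__ == "__main__":
    print("defaults :", simulate(SAMPLE))
    print("3 tries  :", simulate(SAMPLE, max_fails=3))
```

With the defaults only the bot address is banned; lowering the threshold to 3 also bans the user who needed three tries before getting the password right.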
Hide login errors
The default error messages shown on a failed login can help scripts identify that an account exists and that only the password is wrong. Hiding the message makes this harder for bots, and the default message is just “Error: Something went wrong”.
If you want more details on what the problem was, you can navigate to the Events Log, which contains more details than the error message.
Security Ninja also comes with a Last Login feature that adds a column to the Users page showing the last time the user logged in.