WP Simple Login Security – Frequently Asked Questions
The following WP Simple Login Security FAQs provide some insight into what you can and should do with this security plugin:
Q: I forgot my login key. I can’t login. What should I do now?
A: Remove the plugin via FTP and you should be able to login back to WordPress as usual. Clear your cache, then login via wp-login.php. Once logged in, re-upload the plugin, reactivate and reset your login key again to something that you can remember.
Q: Does it modify .htaccess file
Q: Does it modify wp-login.php file
Q: Does it modify wp-config.php file
Q: Is it Translation Ready?
A: Yes, you can use the plugin in your local language. Just create a .pot file for your language using the poedit software which you can download here: http://poedit.net/. After you created the .pot file, upload to /languages/ folder and that’s it. There is a tutorial available at:
Remember, your wordpress wp-config.php file must be configured to use your language. See this line in wp-config.php file (‘WPLANG’,”). Here are the instructions:
Q: How does login key work?
A: You assign login key to protect your login URL. A login URL without the login key will not allow the login form to appear. Since you are the only one who knows the login key, no one will be able to open the login page but you. While login key may effectively hide your login URL, this feature may not be useful with blogs that allow anyone to register since the login URL must be publicly accessible. In other words, if you have subscribers, you need to put a link to your login page in your frontend (re: homepage, sidebar, or footer) so that your subscribers can login.
Q: How does dual authentication work?
A: Dual authentication involves your own password and a second security code which is sent via your email. Since you are the only one with access to your email, this will add more security to your admin area. Somebody may have gotten your username and password but they will not be able to get in if they don’t have the security code.
Q: If a blog allows subscribers to login, will they be able to do so with dual authentication?
Q: I don’t want to protect my login URL. I am only interested with dual authentication. What should I do?
A: enable the dual authentication, leave the login key empty then save your settings.
Q: I have no subscribers and I am the only one who uses the login form, I am not interested in dual authentication. I just want to protect my login URL. How can I do this?
A: Provide a login key and disable the dual authentication.
Q: What is login key best used for?
A: If you are the only one or one of the few who logs in, then it is always best to setup a login key. Please keep your login key secret.
Q: The login URL is being saved in the browser history. Is there a way to prevent this?
A: Yes. By enabling the “incognito mode” in Chrome or by browsing privately read here for more details:
Or by erasing your browser history after you log out. Here is how to do it:
Q: I have a WordPress Blog that accepts subscriber registration. Is hiding the Login URL or setting a login key still useful?
A: Not really since you need to provide the login URL (ex: a link where members can login). It’s always best to enable dual authentication.
Q: I use a popular WP Caching plugin, what should I do when I change settings
A: Always remember to empty or clear the cache via corresponding cache plugins. Many popular WP caching plugins provide a button for you to clear the cache.
Q: I have another plugin that allows me to rename the wp-login.php. Can I use the login key?
A: No, because this may cause conflicts. You have to choose which one to use. You can not use both plugins at the same time for the same purpose. If you have renamed the login URL using another plugin, don’t use a login key. Or vise versa, if you use the login key, don’t use another plugin to rename the login url.
Q: Can I use WP Simple Login Security together with another 2 factor authentication plugin?
A: No. You can not enable dual authentication with other 2 factor authentication plugins. You can not use both plugins for the same purpose at the same time. This may cause conflicts as plugins with the same purpose will probably use the same set of hooks and filters. You have to choose which one to activate.
Q: I have renamed wp-login.php file using another plugin before I installed WP Simple Login Security. Can I still use the dual authentication feature?
A: Usually yes. However if the plugin you use loads its own copy of wp-login file, dual factor authentication may not work. WP Simple Login Security uses the native WordPress wp-login.php file on the root.
Q: I have been redirected to http://127.0.0.1/, what’s the problem?
A: There is no problem. It’s proof that the WP Simple Login Security is working great to block unauthorized user. If you don’t know the correct login key you will never be able to see the login page. If you are able to access the login page but failed to enter the correct password or authentication code a couple of times then the plugin is smart enough to understand that it needs to lock down the system. In the settings page, the administrator has the option to nominate the redirect page.
Q: Does it work with Wordfence?
Q: Do you support login via XML-RPC publishing protocol?
A: No, unfortunately. We will handle this in a future release of the plugin.