How to Secure Your WordPress Login with Loginizer Pro Print

How to Secure Your WordPress Login with Loginizer Pro

Loginizer Pro is included free with every Unisolva hosting plan and is pre-installed on your WordPress site. It protects your WordPress login page from brute-force attacks - the most common method hackers use to gain access to WordPress sites. This article shows you how to configure Loginizer Pro for maximum protection.

Prerequisites

• WordPress installed on your Unisolva hosting account
• Loginizer Pro active in WordPress (go to Plugins > Installed Plugins and verify Loginizer Security is Active)

How Loginizer Pro Works

Loginizer Pro monitors login attempts to your WordPress site. When an IP address fails to log in a set number of times, Loginizer blocks it from making further attempts. This stops automated bots from guessing your password through thousands of rapid attempts.

Step 1 - Access Loginizer Settings

1. Log in to your WordPress dashboard at yourdomain.com/wp-admin
2. In the left menu, click Loginizer Security
3. The Loginizer dashboard shows you a live feed of recent login attempts and blocked IPs

Step 2 - Configure Brute Force Protection

4. Go to Loginizer Security > Brute Force
5. Configure the core settings:
   • Max Retries - the number of failed login attempts allowed before blocking (recommended: 3–5)
   • Lockout Time - how long an IP is blocked after reaching max retries (recommended: 15–30 minutes)
   • Max Lockouts - number of lockouts before the IP is blacklisted permanently (recommended: 3)
   • Blacklist Time - how long a permanently blacklisted IP stays blocked (recommended: 24 hours or higher)
6. Click Save Settings

Step 3 - Enable Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) requires users to enter a one-time code from an authenticator app in addition to their password. Even if a hacker knows your password, they cannot log in without your phone.

7. Go to Loginizer Security > Two Factor Auth
8. Enable 2FA for Administrator accounts (recommended) or all user roles
9. Each user will be prompted to set up 2FA on their next login using an authenticator app such as Google Authenticator or Authy
10. Scan the QR code with the authenticator app and enter the verification code to complete setup

Step 4 - Change Your Login URL (Login Slug)

By default, all WordPress sites use /wp-login.php as the login URL. Hackers know this and target it specifically. Loginizer Pro lets you change the login URL to something custom and harder to guess.

11. Go to Loginizer Security > Login Slug
12. Enter a custom login path (e.g. /my-secure-login or any unique string)
13. Click Save - your new login URL is now yourdomain.com/my-secure-login
14. Bookmark the new URL and share it only with authorized users

Step 5 - Review the Login Logs

15. Go to Loginizer Security > Logs
16. Review the log of recent login attempts - you will see the IP address, username attempted, and the result (Success / Failed / Blocked)
17. If you see many failed attempts from a specific IP, you can manually blacklist it under IP Management > Blacklist

Verify It Worked

• Go to Loginizer Security > Brute Force - settings are saved and brute force protection shows as Active
• Attempt to log in with a wrong password 3 times (using a different browser or incognito window) - after the max retries, the IP should be blocked and show a lockout message
• 2FA is enabled and users are prompted to enter a verification code on login

Related Articles

• How to Harden Your WordPress Site with WordPress Toolkit
• How to Update WordPress, Plugins, and Themes Safely (WordPress category)
• How SSL Certificates Work on Unisolva Hosting (AutoSSL)