Rename Login Page VS Cookie Based Brute Force Prevention?

Underneath they are very different. One uses cookie, the other one doesn’t. They can’t both be enabled at the same time because they will conflict. I would recommend that you try the “rename login page” option first.

Ok, what’s the benefit of using cookie or not using cookie?

Why would I prefer and when to use one over the other?

This article should be useful:
https://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994

Yes, I read through that and didn’t explain my question doesn’t explain the difference between these two.

They both do the same thing of accessing the login page through rerouting a different link.

Hi @ipex Media, I had a read through the URL that @mra13 provided above.

Answering your question

Ok, what’s the benefit of using cookie or not using cookie?

Why would I prefer and when to use one over the other?

If you read the following part from the URL above, it answers your questions.

The way it works essentially is: you specify a “secret word” to the plugin, which creates a special URL. The special (secret) URL, when visited, deposits a cookie on the computer which, when present, allows that individual to visit the WordPress login page as usual. Without knowledge of the special URL (i.e. having the cookie), the user will be redirected to a different IP Address or URL that you configure. This could be to any site on the web but the default is https://127.0.0.1 which represents the local machine of the web site visitor.

Let me know if that helps you.

Kind regards

I know, and it sounds exactly like what the Rename Login does by having a different slug at the end of the domain to access the login page.

A demonstrative video would help, instead of explaining something on text that sounds exactly the same thing as each option would do.

That just explained the features, but doesn’t answer the question was a comparison.

Yes it probably does sound the same but in this security settings you are adding another level of security by utilizing a cookie.

Another words the cookie has some secret content and if the user tries to log in without the cookie present in the browser then they are redirected to another page depending on your settings.

Let me know if that helps you further?

Kind regards

So the Cookie Based Brute Force is a better superior option than Rename Login?

Then why have both options then, when CBBF is better than RL, and we can only select either one at the same time?

From what I know about this great plugin, having different options of security caters to all users needs.

Remember you probably won’t be able to enable all the security features in the plugins for various reasons and if you try to without thorough testing you might lock yourself out of your site. It has happened to many. That is why the developers have gone to extra lengths to add lots of instructions for everyone to read before they enable and implement an option.

I don’t enable this security feature in the plugin for my websites instead I use Google Authenticator and this plugin, which gives me the level of security I am happy with.

However my setup might not work for everyone hence the reason why there are many security options available for you to choose from.

I hope this helps you further. If you need more help let me know.

Kind regards

@ipex Media,
The main difference is that the cookie based feature does its defending at the .htaccess level (eg,apache) and the rename login feature stops people at the php level.

Thank you @wpsolutions ?? I will remember this from now on….

Kind regards

@wpsolutions
Honestly, I’m still not sure what that’s supposed to mean practically.

For example, how is defending at .htaccess level better/preferred than at the php level, and vice-versa?

It would help if you had a demo video or comparison VS chart to allow us to choose the better option.

Hi @mbrsolution,
Anytime mate! ??

@ipex Media,
Basically the 2 features aim to do the same thing – ie, to protect the login access to your wordpress site.

The cookie based feature will not work on some servers (eg, nginx) because they have a different setup and don’t use .htaccess files.
That’s why we introduced the rename login feature because this will generally work on most servers.

That’s the essential difference and the reason we have both features available is to cater for those people who can’t use one of them.

We do have a video for the cookie based feature because that is slightly more complex:
https://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994

When a hacker is trying to guess the URL, blocking them on a htaccesss level is much more efficient because your WordPress is not loading every time the hacker is making a guess so your server resource is not getting drained by some spammer.

When you do things on a PHP level, your site is loading which is costing you resource. So if a bot is doing thousands of guesses per X minutes and your server is loading the whole PHP environment, it can make your site super slow (because the server resource is being hogged).