About Login and Spam Protection

We at miniorange ensure that all the users on your WordPress site are safe from Login threats and spam. For this reason, we have developed a lot of features that can make your job as an ADMIN or a user fairly simple. Through just a few clicks and in a matter of minutes you and your website will be completely protected from hackers and spamming servers.

We provide different services under Login and Spam.

1. Login security - Make sure that hackers cannot hit your WordPress login pages with brute force or dictionary attacks using our Brute Force Protection.
2. Registration Security - Defend your site against fake bots by enabling OTP verification and Social Login integration.
3. Content and Spam - Make sure that hackers cannot access data about your WordPress site by using WP REST API injection or accessing your config.php files, htaccess files, and directory browsing.

Login Security

Under this section, we will be covering all the features required for you to safeguard your site from brute force and Dictionary attacks.

Brute Force Protection (Login Protection)

A Brute Force Attack targets the website by repeatedly trying combinations of Usernames and Passwords until it gets a valid pair. This can be extremely effective when individuals use passwords like ‘admin’, ‘root’, ‘password123’.

To protect your website from these kinds of attacks you can follow these simple steps.

• Search for “miniOrange Limit Login Attempts” in the search box and install the plugin called “Limit Login Attempts” in the plugins section under your WordPress dashboard.
• Click on the Install>>Activate button.




• Now go to the plugin.
• Let’s move towards the Login and Spam protection. Here you should find the Brute Force Protection section and you can set the limit on the Login attempts and if it is crossed you can also set the Time Period for which IP should be blocked.




• IP Blocking Time Periods can be-
1. Permanent
2. Months - No of Months
3. Days - No of Days
4. Hours - No of Hours
• Click on the Save button.



• Now you are all set in just three simple steps and are ready to protect against those hackers. To test it you can log out of your account and enter the wrong credentials and should be prompted with an Error message showing the number of Login attempts left (Can be turned off as per user choice) from the plugin.

Rename Login URL

Rename the login page URL is a simple and important security method that can help in preventing hackers. A distinctive, challenging-to-guess URL is more difficult to find, after all. This implies that visitors are less likely to access your website unless you explicitly permit it.

• Go to the Rename Login URL tab and Enable the login page URL Checkbox.
• You can change the URL name to whatever you want and click on the Save button




• Now, go to the login page and see the rename login URL.

Google reCAPTCHA

Google reCAPTCHA shields your site from spam and misuse. A CAPTCHA is a challenge-reaction test utilized in processing to decide if a client is human. Hackers cannot automate the process of brute-forcing since you need to play out the captcha to demonstrate that you are a human and hence automation stands no chance.

To protect your website from these kinds of attacks you can follow these simple steps.

If you are using the plugin for the first time or you can’t see the features you can start by enabling Security Features.

Here is the link-. Brute Force Protection ( Login Protection )



• Go to the GOOGLE RECAPTCHA tab.
• Before you can use reCAPTCHA, you need to register your domain/website here.





Visit the Google reCAPTCHA site and retrieve your site keys. For Key retrieval process, you can follow the steps shown below.

• Enter the Label of the site you want to activate reCAPTCHA.
• Select the type of reCAPTCHA you want to activate for your website.
• Enter the Domain your site is hosted on.




• Enter the Owners who can edit the CAPTCHA settings later.
• Accept the Terms and Conditions. and click on the Submit button.




• After performing the registration you will receive your keys which need to be inserted in our plugin.




• After getting your keys to copy your Site and Secret keys and paste them in the plugin and Save Settings.




• Once you have everything set up you can test the reCAPTCHA by clicking on the Test button.




• Now you have all set to protect your site from bots trying to get into your site. You can choose the type of reCAPTCHA you want to be applied and just have to provide the keys to the plugin.

If you don't find what you are looking for, please contact us at 2fasupport@xecurify.com or call us at +1 978 658 9387.