Blacklist Logins

Disallowed Logins

What It Does

This module maintains a list of forbidden usernames and prevents anyone from creating accounts with these names. Common insecure usernames like "admin", "administrator", "test", or "root" are blocked by default.

If you already have users with blacklisted usernames, the module will require them to change their username before they can access the administration area. The module provides a secure interface for users to update their usernames while maintaining their account permissions and data.

By blocking these common usernames, you significantly reduce the risk of brute-force attacks, as attackers won't be able to guess or use these well-known usernames. This is especially important because many WordPress sites use "admin" as the default administrator username, making them easy targets for attacks.

Why It Matters

Login attacks are one of the most common ways attackers try to gain access to WordPress websites.

By strengthening your login security, you significantly reduce the risk of unauthorized access to your website.

How to Use

Activate this module in the Users & Login section of SecuPress settings.

If you have existing users with blacklisted usernames, they will be prompted to change their username the next time they try to access the administration area. The module provides a secure interface for users to update their usernames while maintaining their account permissions and data.

You can also configure which usernames are forbidden. The module includes a default list of common insecure usernames, and you can add additional usernames to this list as needed.

Once activated, the module works automatically and provides protection for your website.

If you encounter any issues after activation, you can temporarily deactivate the module. The module will automatically remove its protection rules when deactivated.