How does AAM Secure Login work

The Secure Login feature requires AAM 4.9.2 or higher. The Secure Login option can be used to enable or disable the feature.

This feature includes a frontend Secure Login widget, which you can find on the Appearance ≫ Widgets page, and the [aam context="login"] shortcode, which can be dropped anywhere on your site and will be replaced with the login form. Both use asynchronous AJAX methods to authenticate the user. Details about each are given below.

= AAM Secure Login Widget =


The widget works the same way as any other WordPress widget. Here you can define the title for the login widget and the greeting message for an already authenticated user.

Additionally, there are two options that you can enable to secure your website's login process. The Login Timeout is the easiest and most efficient way to slow down brute-force attacks on your website. Typically, when you send a login request to the WordPress core, it takes about 100 milliseconds to get a response. The Login Timeout option slows this response down to 1 second. Technically, this means that it will slow down any attack 10 times and significantly reduce the chance for criminals to get access to your website.

The second option is Brute Force Lockout. It counts the number of login attempts per IP address, and if there are 20 consecutive login attempts from one IP address, AAM will automatically block any further attempts for the next 20 minutes.

Both the Login Timeout and Brute Force Lockout features are highly configurable with the free ConfigPress extension. Below is the list of all available settings.

[aam]
; Set login timeout in seconds
security.login.timeout = 1
; Set number of login attempts
security.login.attempts = 20
; Set login lockout time. Any valid Date Time Format.
security.login.period = "2 minutes"

If you do not have ConfigPress, go to the AAM page and, on the Extensions tab under the Free extensions, find and install the ConfigPress extension. After that you should be able to see the new ConfigPress tab.
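
The effect of the three settings above on a single source IP, as an added model that is not AAM's own code: it assumes the failure counter resets when a lockout starts or a login succeeds, and it uses the page's figures (about 100 ms per request without the timeout, 1 second with it). The class name, function names and sample IP are made up for the illustration.

```python
# Added illustration: a model of the policy described above, not AAM's own code.
from collections import defaultdict

DAY_MS = 24 * 60 * 60 * 1000


class LockoutPolicy:
    """Per-IP failed-login counter with a fixed lockout (assumed semantics)."""

    def __init__(self, timeout_ms=1000, attempts=20, period_ms=20 * 60 * 1000):
        self.timeout_ms = timeout_ms  # security.login.timeout
        self.attempts = attempts      # security.login.attempts
        self.period_ms = period_ms    # security.login.period
        self.failures = defaultdict(int)
        self.locked_until = {}

    def retry_after(self, ip, now):
        """Milliseconds the IP must still wait; 0 means the attempt is accepted."""
        return max(0, self.locked_until.get(ip, 0) - now)

    def record_failure(self, ip, now):
        """Count a failed login; the Nth consecutive failure starts a lockout."""
        self.failures[ip] += 1
        if self.failures[ip] >= self.attempts:
            self.locked_until[ip] = now + self.period_ms
            self.failures[ip] = 0

    def record_success(self, ip):
        """Assumption: a successful login resets the failure streak."""
        self.failures[ip] = 0


def max_guesses(policy, horizon_ms=DAY_MS, base_latency_ms=100, ip="203.0.113.7"):
    """Failed guesses one IP can submit back to back within horizon_ms."""
    per_request = max(base_latency_ms, policy.timeout_ms)  # ~100 ms slowed to 1 s
    now = guesses = 0
    while True:
        now += policy.retry_after(ip, now)  # wait out any active lockout
        if now + per_request > horizon_ms:
            return guesses
        now += per_request
        policy.record_failure(ip, now)
        guesses += 1


if __name__ == "__main__":
    never = 10**9  # effectively disables the lockout
    print("no protection  :", max_guesses(LockoutPolicy(0, never)))
    print("timeout only   :", max_guesses(LockoutPolicy(1000, never)))
    print("page defaults  :", max_guesses(LockoutPolicy()))
    print("2-minute period:", max_guesses(LockoutPolicy(period_ms=2 * 60 * 1000)))
```

With the values described above, the lockout rather than the delay sets the ceiling: 1,420 guesses per day per IP, against 86,400 with the timeout alone. A 2-minute period, as in the sample settings block, allows 12,360, and because the counter is kept per IP address, each bound applies to one source address only.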

= AAM Secure Login Shortcode =

Another way to add a secure login form to your website is to use [aam context="login"]. Simply drop it anywhere within a page or post content and it will be replaced with the login form. There are a few attributes that can be used to enhance the shortcode's behavior.

If you are copying and pasting the shortcode from our website, make sure that the correct quotes are preserved. Sometimes, depending on the operating system, quotes are not transferred correctly and you will have to change them manually.

“id” – assign a unique ID to the login form. Very useful if you need to do additional JavaScript manipulations or styling. The default value is a random string;
“user-title” – customize the greeting message shown when the user is authenticated. The default message is “Howdy, %username%”;
“redirect” – redirect URL. We suggest using the Login Redirect feature instead of this attribute;
“callback” – define your own callback function that will render the login form. Only a valid PHP callback definition is acceptable.

= For Developers =

The Secure Login widget and shortcode come with a very basic layout and styling, and you can override them with your own custom form. There are two ConfigPress settings that can be used to replace the default login forms. The “login.widget.template” and “login.shortcode.template” settings accept physical paths to custom widget and shortcode login templates. In the path you can use the magic constant {ABSPATH}, which will be replaced with your WordPress installation path. For example, both of the following definitions will be resolved by AAM properly:

[aam]
login.widget.template = "{ABSPATH}wp-include/themes/my-theme/login-widget.phtml"
login.shortcode.template = "/usr/local/www/site/mydomain.com/wp-include/themes/my-theme/login-form.phtml"

The widget’s template is included in the AAM_Backend_Widget_Login scope so you can access all the public WP_Widget methods as well as widget arguments.

The shortcode’s template is included in the AAM_Shortcode_Strategy_Login scope and you can access shortcode attributes or content with getArgs and getContent methods respectively.
