Security is fast becoming the buzz word around WordPress and so I feel I need to get better acquainted with it. I will hold my hands up to the fact that it isn’t the area I am most competent in. With that in mind I have been considering a few security based plugins, one of which I want to introduce with this post.

I have produced a test plugin but despite it doing what I intended, I think, I am not entirely convinced it is actually beneficial. In this respect security and accessibility are similar in that despite good intentions you could just end up churning water and have no really impact.

The plugin is derived from Matt Cutts’ post in which he suggested using .htaccess to limit access to a particular IP address. This was generally commented on as good in principle but slightly defeating the object of web based services.

The general idea is that a user can tell WordPress that they are at the home IP address, and WordPress will then save this IP address along with a password.

If the user logs on from a different IP address then they need to enter their normal password, plus, an additional password, which, in theory, should be different. Obviously it shouldn’t be used with Dial up accounts.

My confusion is really over how useful this actually is. I don’t know how passwords are gathered. I would presume passwords are more vulnerable when logging onto a different computer and in that case why wouldn’t they just gather two passwords instead of one? If you are in the database already then you can do what you want regardless so it won’t stop that. Is there a situation where this would be useful?

You can download a copy of the concept plugin here.

To use it log in as normal, go to your profile, and enter a password in the box at the bottom.