To keep everything secured you should be really attentive on this page. Please although read carefully the Security considerations section.
Enable login for smart card Users
This option allows users that usually require a smart card to authenticate against the Active Directory to login into the WordPress environment. Users which were deactivated by NADI because they require a smart card will be activated at the next "Sync to WordPress".
Enables login using a custom login page
If checked, NADI does also registers its hook when the URL /login is called. You have to make sure that this URL is mapped by WordPress.
Brute Force Protection
The reason for that is that we can´t make it as secure as other existing security plugins.
That is why we started testing some Brute Force Protection plugins to see if they work in combination with NADI.
We highly recommend you to use iThemes Security to secure your WordPress environment.
NADI Brute Force Protection will not receive updates anymore after the NADI v2.0.13 release and we are planning on removing it completely later this year.
Maximum number of allowed login attempts
Enter the amount of tries a user has to login with his wrong username and/or password combination before he is blocked for a specific time period. If you want to disable the bruteforce protection just set this number to 0.
With help of this option you can set the time a user is being blocked after the amount of failed login attempts has been reached.
Notify users of blocked account
If enabled ADI notifies the user by email about the circumstance that his account has been blocked.
Notify admins of blocked account
Enabling this option will notify the admin(s) about blocked user accounts as well.
E-mail addresses for notifications
This option must be configured if you have enabled Notify admins of blocked account. It configures the email addresses of WordPress administrators. Multiple email addresses can be used by separating them by using a semicolon.
If the admin notification event is triggered and no admin email has been set, the email is forwarded to the blog administrator's email address.
Allow login via XML-RPC
If enabled it is possible to authenticate by NADI imported users against the Active Directory using the XML-RPC interface. This means you can use a WordPress client like Open Live Writer to create posts on your WordPress site using NADI users. We also implemented this feature to secure that no one is able to use the WordPress XML-RPC interface to brute-force your Active Directory users. After the amount of failed login attempts has been reached, NADI will deny XML-RPC authentication request for the set amount of time. If you do not activate this option NADI will deny all XML-RPC authentication requests for NADI users.