So we have this plugin running on our site since forever, but we recently noticed that we have not written about it extensively. The plugin we are talking about is Limit Login Attempts. We were reminded of this recently when someone tried to Brute Force Alex ViperBond007′s site. By default, you can have as many failed login attempts in WordPress. This would not be a problem if there is no hacker or someone trying to guess your password. But sadly those people exist. In this article, we will show you how and why you should limit login attempts in WordPress.
Why you need to Limit Login Attempts in WordPress?
Sometimes the hacker might think they know your password, or they might develop a script to guess your password. In that case what you need to do is limit the login attempts. Limiting the failed login attempts will lock a user out if they entered the wrong password more than the specified time. They will be locked out for a specified time. You can control the settings from your admin panel. This will also let you see how many people are trying to hack your site. If you see the same IP trying to access your site, then you can BAN that IP address.
How to Limit Login Attempts in WordPress?
Simply install and activate the plugin Limit Login Attempts. Go to Settings » Limit Login Attempts page. Simply fill out how many failed login attempts you want to allow. How long the lock out should be and save the settings.
You can also see the log of how many total lockouts there have been as well as get notified via email if there have been more than X lockouts in the same day.
For more tips on how to protect your WordPress admin area, check out our article about 13 Vital Tips and Hacks to Protect your WordPress Admin Area.