Limit Login Attempts is nice little plugin, which can protect your blog from attempts to hack your admin account. This plugin uses a simple, attempt-based lockout method to block attacker IP addresses. Through it can’t ensure 100% protection, blocking IP addresses will definitely make it difficult to brute-force your WordPress user account. Because blocked IPs are not allowed try login for a predefined period. Limit Login Attempts limits number of login attempts both through normal login and by using auth cookies. If you are worried about security of your blog and want to prevent malicious attempts to break your WordPress admin password, I suggest you use this plugin.
How to install Limit Login Attempts?
- Download the plugin from the official download link.
- Extract and upload the limit-login-attempts folder to wp-content/plugins folder of your hosting account.
- Login to wp-admin area, go to Plugins section and activate Limit Login Attempts.
Alternatively you can install Limit Login Attempts by using Add New in Plugins section of your WordPress admin area.
How Limit Login Attempts works?
After installation and activation, this plugin adds a settings page to WordPress admin menu. You can access it from the Settings section. In the Limit Login Attempts Settings page, you can specify options like maximum allowed retires, lockout time in minutes, lockout time increase after certain number of lockouts, and hours till reset of tries. You can also tell the plugin to log IP addresses and notify you (blog admin) via email after certain lockouts were logged on your blog.
You can view plugin statistics and lockout log directly from the Limit Login Attempts settings page. The log will display IP addresses, usernames used for login attempts and total lockouts for each username. This plugin also allows reset of lockout counter and restoration of currently active lockouts.
Why this plugin?
In case you don’t know, WordPress allows unlimited login attempts. Even thousands of wrong tries will return the same login page. This makes WordPress accounts, specially admin account, more prone to brute-force attacks. In fact there are many reports of ongoing, organized brute-force attacks to break admin passwords of WordPress blogs. With proper resources, brute-forcing can break most passwords. No restrictions on maximum login attempts makes such attacks even easier. That’s were this plugin comes into the scene. With Limit Login Attempts, you’ll be able to limit login tries and also block attacker IP addresses. Thus your admin account will get an extra layer of security over other existing security measure.