If you are running a blog or any kind of WordPress website, security should be your primary concern. The greater popularity of WordPress has made it one of the common target for attackers. So it is absolutely necessary for you to increase your security layers. The first security layer you can add in your website is changing the default admin username and using a strong password. But this may not be enough to protect against all kinds of attacks. This article shows how to limit login attempts in WordPress website.
Why You Should Limit Login Attempts in WordPress Website?
By default WordPress allows users to try Login attempts as many times as they want. This allows hackers to implement Brute Force attack on the site and crack admin password. Brute force is one of the oldest forms of hacking where a hacker tries to gain unauthorized access of your admin account using different combination of dictionary words. They generally use a bot or an automated script that can work continuously and can crack your password in less than a hour to few days depending on the complexity of your password. So it is highly recommended for website owners to keep their username and passwords as complex as possible. Keeping complex login credential is not enough to secure your account. The best solution is to fill this security loophole by limiting the number of failed login attempts from a given IP address. If the limit to login attempt exceeds, you can temporarily ban the particular IP for a predefined period of time.
How to Limit Login Attempts in WordPress Website
You can try to limit login attempts without using any plugin but you will need complex coding and depth understanding about WordPress login mechanism. Obviously you may not be successful on frist try and can come up with even more complex problems.
So the safest and easiest method to limit the login attempt is using a reliable plugin. There are number of plugins available in the WordPress plugin repository for this act. Here are the list of few of them
- Jetpack plugin
- Login LockDown
- Limit Login Attempts
- Limit Attempts Booster
- Cerber Limit Login Attempts
- WP Limit Login Attempts
WP Limit Login Attempts
Out of all the plugins we will be featuring WP Limit Login Attempts because of its simplicity and recent updates. Most of the other plugins are not updated from a long time and may not be working properly with the latest versions of WordPress. This lightweight plugin Limits the number of login attempts and protects from brute force attacks. To use the plugin follow the given steps
1. Log in to your admin dashboard. Go to Plugins > Add new.
2. Search for WP Limit Login Attempts and install and activate the plugin with the following icon.
3. After you have installed and activated the plugin, go to Settings > Login Lockdown.
4. This will take you to plugins setting page. If you are using the free version of plugin, the settings are auto set and you are not allowed to change the setting. The free version will work good enough for most of the websites. However if you want to upgrade, you can install premium version called WP limit Login attempts Pro.
Just after you activate the plugin it will start guarding your login form.
The plugin also uses the captcha system to protect from bots.
Thus with the plugin you can feel secured against bots attack and unauthorized login attempts. Your website cannot be 100% secured despite of any security measures you take. But every little anti-hack measure you implant can make a difference. Always choose a quality and secured host. Keep your WordPress up-to-date and create back ups frequently. We hope the article will be helpful to protect your website against attackers.
Related Posts

Kantiman Bajracharya

Latest posts by Kantiman Bajracharya (see all)
- What are Different WordPress Theme Licensing Terms? - December 21, 2017
- 4 Tips to Optimize Your WordPress for Social Media Share - November 30, 2017
- What is WordPress? Is WordPress Free? Why is WordPress so popular? - November 22, 2017