How to Limit Login Attempts in WordPress Website

If you are running a blog or any kind of WordPress website, security should be your primary concern. The greater popularity of WordPress has made it one of the common target for attackers. So it is absolutely necessary for you to increase your security layers. The first security layer you can add in your website is changing the default admin username and using a strong password. But this may not be enough to protect against all kinds of attacks. This article shows how to limit login attempts in WordPress website.

Why You Should Limit Login Attempts in WordPress Website?

By default WordPress allows users to try Login attempts as many times as they want. This allows hackers to implement Brute Force attack on the site and crack admin password. Brute force is one of the oldest forms of hacking where a hacker tries to gain unauthorized access of your admin account using different combination of dictionary words. They generally use a bot or an automated script that can work continuously and can crack your password in less than a hour to few days depending on the complexity of your password. So it is highly recommended for website owners to keep their username and passwords as complex as possible. Keeping complex login credential is not enough to secure your account. The best solution is to fill this security loophole by limiting the number of failed login attempts from a given IP address. If the limit to login attempt exceeds, you can temporarily ban the particular IP for a predefined period of time.

How to Limit Login Attempts in WordPress Website

You can try to limit login attempts without using any plugin but you will need complex coding and depth understanding about WordPress login mechanism. Obviously you may not be successful on frist try and can come up with even more complex problems.

So the safest and easiest method to limit the login attempt is using a reliable plugin. There are number of plugins available in the WordPress plugin repository for this act. Here are the list of few of them

WP Limit Login Attempts

Out of all the plugins we will be featuring WP Limit Login Attempts because of its simplicity and recent updates. Most of the other plugins are not updated from a long time and may not be working properly with the latest versions of WordPress. This lightweight plugin Limits the number of login attempts and protects from brute force attacks. To use the plugin follow the given steps

Also Read: What is Difference Between Posts and Pages in WordPress

1. Log in to your admin dashboard. Go to Plugins > Add new.
2. Search for WP Limit Login Attempts and install and activate the plugin with the following icon.
3. After you have installed and activated the plugin, go to Settings > Login Lockdown.
4. This will take you to plugins setting page. If you are using the free version of plugin, the settings are auto set and you are not allowed to change the setting. The free version will work good enough for most of the websites. However if you want to upgrade, you can install premium version called WP limit Login attempts Pro.
Just after you activate the plugin it will start guarding your login form.
The plugin also uses the captcha system to protect from bots.
Thus with the plugin you can feel secured against bots attack and unauthorized login attempts. Your website cannot be 100% secured despite of any security measures you take. But every little anti-hack measure you implant can make a difference. Always choose a quality and secured host. Keep your WordPress up-to-date and create back ups frequently. We hope the article will be helpful to protect your website against attackers.

Bio
Latest Posts

Kantiman Bajracharya

Kantiman Bajracharya is a freelance web developer. He is a computer geek who has a Bachelor’s degree in Computer Engineering. He has earned lots of satisfied customers while working for numerous successful projects. He is also a WordPress theme creator and web article writer. On free time he likes reading philosophy books, traveling and playing chess.