Last update: 06/20/17
If you are using a WordPress blog, you might be amazed at how many attempts from hackers there are to try to login to your blog. Stop 'em dead in their tracks with the Limit Login Attempts Plugin.
By default WordPress does not limit login attempts. This is not a good thing. Hackers are using a very common hacking technique called Brute Force Attack to break into sites.
With Brute Force Attack, a hacker runs an automated bot that will keep hammering your blog with up to several hundred, or also thousands, of hits hourly, trying to decipher your login code. If you don’t control those attempts, they will keep at it until finally they succeed and gain access to the backend of your site. Once in, they now have the liberty to do whatever damage they like.
The first thing to help prevent hackers from accessing your site is to never use the username "admin" this is the first thing they are looking for.
The second is to limit login attempts. If they fail after 2 or 3 login attempts (you can limit the login attempts manually in the settings) they will be "locked out" of your site and will no longer be able to try to gain access.
The most commonly used plugin for WordPress that will limit the login attempts is the "Limit Login Attempts" plugin. The plugin limits the number of login attempts allowed, both through regular logins and the usage of special cookies. After that it blocks the offending internet IP addresses from making further attempts to login. This effectively ceases all attempts at making a Brute Force attack in your site.
Limit Login Attempts Plugin Features:
- Limit the number of standard login attempts per IP.
- Limit the number of attempts to log in using auth cookies per IP.
- User notifications upon failed login informing them of the number of retries they have remaining and the lockout length, if they fail to login successfully.
- Statistics on the number of currently active lockouts and total lockouts.
- Activity log showing IP addresses that have been locked out and the user accounts they attempted to access.
- Email notifications when IPs are locked out.
- Option to handle server behind a reverse proxy.
- Option to whitelist specific IPs (though not recommended).
It only takes a few minutes and you’ll be able to Stop Hackers in their tracks! Download and install the "Limit Login Attempts" plugin for WordPress now!