Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Hackers are always trying to log into your website by guessing the admin password. By default, WordPress allows users to try unlimited passwords, which is known as brute force cracking. But you can upgrade your website to add a protective shell to the security of the website. In this article, we will explain to you how and why you need to limit the number of login attempts on your WordPress site.
Why do you need to limit WordPress login attempts?
By default, WordPress does not limit the number of times users can try to log in. Hackers will use scripts to automatically try different password combinations to log in to your website until the password is cracked. To prevent brute force attacks, you can limit the number of failed logins per user.
For example, if a user fails to log in 5 times, then the user’s IP is temporarily locked for a period of time, and the time can be set freely, which can be 5 minutes, 15 minutes, 24 hours, or longer.
How to limit the number of login attempts in WordPress?
First, you need to install the Login LockDown plug-in. After enabling it, go to the “Settings” – “Login LockDown” page to configure the plug-in.
First, you need to define the number of allowed login attempts and then set how long the user will be locked if the number of login failures exceeds the set value. You can also define the lock time period for the IP range, the default is 60 minutes, and you can adjust it yourself if needed.
The plugin is to allow users to try to log in with different invalid usernames, click “Yes” under “Lockout Invalid Usernames” to disable this behavior.
By default, WordPress will remind the user if they have entered an invalid username or password when the user fails to log in. You can block the prompt by clicking “Yes” under the “Mask Login Errors” option.
Finally, don’t forget to save your settings.
Kind tips:
- The first line of protection for a website is your password, and you should set a sufficiently complex and strong password for your account. Although strong passwords are hard to remember, there are some password management tools you can use to help you remember them.
- If your site has multiple authors, then you should enforce strong passwords for your users.
- No website is 100% secure as hackers are always finding new ways to attack your website. So it is very important to make daily backups of the website.
- If your website is an enterprise site, then we strongly recommend that you add a firewall to the website, which can effectively block brute force cracking and other attacks.
Hope this article was useful for you and put a login attempt limit on your website.
