Home » Security » How to limit the number of login attempts in WordPress

How to limit the number of login attempts in WordPress

While reading about how to make your WordPress hosted website or blog more secure, I came across this nice plug-in that limits the number of login attempts in WordPress. What does that mean?

On an averagely successful (getting 5000-8000 visitors every day) website using a CMS there are multiple login attempts every hour. People are constantly trying to log into your website simply to cause trouble. They might not even gain anything substantial out of the activity, but just because they can hack into your website, they will do it and destroy your data. Just imagine working on a blog for multiple years and suddenly you find that all your blog posts have been wiped out. Devastating. And it happens to people on a recurring basis.

The tragedy is, it can be easily avoided by taking some precautions, and one of such precautions is limiting the number of login attempts. It means if somebody tries to log into your WordPress website or blog by trying out various username and password combinations, after a few attempts, there is a lockout, which means no further login attempts for a set period of time. Multiple login attempts can be carried out via an automated script or manually.

In order to stop people from attempting to log into your WordPress blog or website multiple times you need to install this plug-in, called Limit Login Attempts. Once installed, and once activated, you will have to go to Settings of your WordPress dashboard screen and then from there “Limit Login Attempts” and you come to the following screen:

Limit Login Attempts Settings

It tells you up till now how many lockouts have been implemented (how many times it was tried to log into your WordPress blog or website and lockout was invoked).

Under Options you can decide how many retries you want to allow and for how many minutes you want the lockout to last. There is also a checkbox where you can decide after how many tries an e-mail must be sent to the admin that somebody is regularly trying to log in. After making all the entries you can click “Change Options” and you have successfully limited the number of login attempts in WordPress.