Limiting login attempts on WordPress using a plugin

WordPress allows for an unlimited number of user login attempts by default, making the site vulnerable to security threats. Hackers can use different passwords to crack passwords with unlimited login attempts. Of course, if you use a firewall, this is taken care of, but if you don't, you can limit logins and secure your WordPress site with the LoginLockDown Plugin. Login LockDown logs every failed login attempt, along with the IP address and timestamp. If a certain number of login attempts from the same IP range are detected in a short period of time, the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. This article will walk you through installing and configuring the LoginLockDownPlugin to prevent brute force password guessing.

Installing and configuring Login LockDown Plugin

To install and configure Login LockDown Plugin, follow these steps:

1. Log in to your WordPress site with an administrator account.

2. On the Dashboard in the left sidebar, click Plugins, and then click Add New:
   

3. Search for "Login LockDown" click Install, and then click Activate the plugin:
   

4. On the Dashboard in the left sidebar, click Settings and then click on on Login Lock Down:

5. Click on Update Settings, to set the max login tries, retry time period and other settings to limit the login attempts:
   

More Information

For more information about the Login Lockdown Plugin, please visit https://wordpress.org/plugins/login-lockdown/

Related Articles

• Adding CAPTCHA protection to a WordPress site

• Changing a WordPress account username