By default, WordPress allows users to enter passwords as many times as they want. Hackers may try to exploit this by using scripts that enter different combinations until your website cracks.
To prevent an unwanted WordPress login attempt, you can limit the number of failed login attempts per user.
For example, you can say after 5 failed attempts, lock the user out temporarily.
If someone has more than 5 failed attempts, then your site block their IP for a temporary period of time based on your settings. You can make it 5 minutes, 15 minutes, 24 hours, and even longer.
How to Limit Login Attempts in WordPress?
To limit your login attempts on WordPress, you will need Login LockDown plugin.
Installing And Activating Login LockDown
To install Login LockDown on WordPress, follow these steps:
- Log in to your WordPress admin page.
- Go to Plugins, select on Add New.
- In the Search text box, type Login LockDown, and then click Search Plugins.
- After WordPress finishes installing the plugin.
- click Activate Plugin.
Configuring Login Lockdown
- After you have installed the Login LockDown plugin, Goto setting
- Click on Login LockDown.
- Now set the number of Login Retries, Retry Time Period, Lockout length, Lockout length, Invalid Usernames.
- WordPress lets users know that whether they entered an invalid username or invalid password on failed logins. You can hide this by clicking yes under mask login errors option.
Don’t forget to click on the update settings button to store your changes.
You can also check;