Why Should You Limit Login Attempts For A WordPress Website
June 7th, 2017 | by Ravi Chahar || 8 Comments |
No doubt that WordPress is one of the reliable content management systems but the security of your website it on you. Have you ever thought to limit login attempts?
By default, WordPress allows the users to try to log in as many times as they want. It means hackers can exploit your login page.
They can use the different kinds of scripts to break the password. There is no login limit applied.
This type of hacking is also considered as the brute force attack. The hackers try to enter your website by hitting and trail methods.
To stop this, you should limit the login attempts.
How Can You Stop the Hackers From Breaking into Your WordPress Website
Though there is also a complete WordPress security guide which can help you prevent your website from getting hacked. But Still, for the login page, limiting the attempts is something you should consider.
The question arises how can you accomplish this?
Well, WordPress repository has thousands of plugins which make everything easy. From which, you have to install and activate the Limit LoginDown plugin.
The best part of this plugin is that you can easily configure its settings.
Just go to Settings>>Limit LoginDown and you will see the number of settings.
You can set the number of login attempts allowed. I would recommend setting to the 5 or maybe 3. The choice is yours.
There is also a retry time before the lockdown. Keep it 5 minutes or you can decrease it. There is no specific time period. It’s the matter of choice for all the settings of this plugin.
You can set the time period up to which the user will get locked away from your WordPress login page.
Whenever the locked user would try to log in, he/she would see an error message showing that the IP address has been blocked.
By default, this plugin doesn’t block the users who use the wrong username. It only monitors the password.
But you can change this behavior by enabling this setting.
After all the settings, don’t forget to save. From now onwards, your login page has another extra layer of the security which will stop the brute force attack.
You can also limit login attempts if the security plugin you use has this feature.
Some Essential Things to Do For Better Security
Limiting the login attempts isn’t the only thing which can secure your WordPress website.
You should know about the things to do to secure your WordPress admin area. You can add a security question, remove password lost link, change login error message etc.
It’s always recommended to change the login page URL. Create a custom login page URL so that only you can access it.
You can also password protect your admin directory or add a two-factor authentication using any of the plugins.
Have you taken any of the security steps?
I Hope You Can Easily Limit Login Attempts
The best thing is to do everything you can to protect your WordPress website. You never know about the hard times.
Many people lose their hard work every year. You wouldn’t like to be one of them. And one of the sensitive parts of your website is the login page.
You should limit login attempts to reduce the chances of brute force attack. You should use a security plugin to configure different settings.
Most of the security plugins cover almost 80% of the security settings. The rest is dependent on you. Keeping a strong password curated with the combination of number, uppercase alphabets, special characters is recommended.
I am sure, you will accomplish this easily. If you still face any problem, feel free to drop a comment.
You can also connect with us on Twitter, LinkedIn, and Facebook.
8 comments
Leave a Reply
Hello Ravi,
Great tips ?
Yeah we all do fear of getting our sites hacked and loosing all the works we have done for years.
The idea to limit the login attempts for our WordPress sites is something we all need to go through.
The examples of yours made the whole scenario clear. The number of login attempts and the time provided
can be cut off wow!
Thanks for the share:)
Keep Writing.
Shantanu.
Hello Ravi,
Limit login attempts plugin is very important in the age where WordPress sites are being hacked. Even though WP is safe, the security is what we have to be concerned about.
Apart from Limit login attempts, login page can also be protected using htpasswd.
I am sure, more users will be using this plugin now after reading your post. ?
Hey Atish,
There are different plugins to apply this on a WordPress website. I have tested many security plugins which have this feature.
But having a specific plugin can make people understand the concept properly.
Thanks for stopping by.
~Ravi
Hi Ravi,
We do have to protect ourselves for those login attempts. This can wipe out years of work we have done, so why not get protection? This is one of those things I had from the very start of my blog. So far so good!
We also have to protect our password and change it often.
-Donna
Hi Ravi,
To protect our blog as well as valuable content from hackers one must need to install security plugins which help out individuals a lot. Currently, I am using Limit login attempts plugin which is very handy to stop the hackers from breaking into our WordPress Website.
Many thanks for informative share once again ?
Regard’s
Mairaj
Wonderful Post @Ravi
Limiting Login attempts really protect your WordPress site.
I must confess, I’m guilty of this ? lol.
On my way to Limit Login Atempts.
Hey Ravi,
I’ve installed a limit login attempt plugin and it has definitely lowered login attempts by a lot. You never know when someone has hacked into your blog and it’s best to have security like this.
I also use Sucuri Security on top of limil login and it definitely has been a big help in keeping my blog more secure.
Great share and have a great weekend!
Hi Sherman,
Sucuri is one of the best security plugins right now. And limiting the login attempts is the thing everything should enable on their blogs.
Brute-force attack can be deadly sometimes.Secure your website and enjoy blogging.
Thanks for stopping by.
~Ravi