Limit the number of login attempts in WordPress

I’ve previously mentioned that a secure password that’s hard to guess is key when it comes to security. Since even a password with random characters (both numbers, letters and special characters) can be cracked if enough time is spent trying to guess the password you need to protect your WordPress blog from letting people guess your password too many times.

This is where the plugin Limit Login Attempts comes in handy. The plugin is for WordPress and will do exactly what the name says, limit the number of login attempts a user can do. The plugin will also log the login attempts if you like, which can be good to find out what’s going on on your blog when you sleep for example. You can also get email notifications if you prefer that instead of a log.

You can set the number of login attempts in the plugin settings, but I would suggest you let that be as the standard since 4 attempts are perfectly fine and should be enough to stop brute force attacks. After the first 4 attempts the user gets locked out for 20 minutes, and if 4 more tries are done after that the user gets locked out for another 24 hours. This should stop most brute force attacks, but still be as user friendly as possible for people forgetting their passwords.

There’s not much more to say about this plugin then that you should install it if you haven’t installed it already. Download it from here.