So ...

Let's see how can you limit login attempts in Wordpress ...

Obviously, we are going to use a plugin ...

And there are two scenarios ...

If you are targeting a site which is hosted outside of WA, I'd recommend a full security suite like Sucuri or AIO WP Security:

https://wordpress.org/plugins/sucuri-scanner/

https://wordpress.org/plugins/all-in-one-wp-security-and-fir...

For example, WP Security has a simple and efficient interface that will allow you to limit the maximum number of failed login attempts:

If you are targeting a WA-hosted site, you can use another lightweight plugin, Login LockDown:

https://wordpress.org/plugins/login-lockdown/

Upon activation, you need to visit Settings => Login LockDown page to configure the plugin settings:

First you need to define how many login attempts can be made.

After that choose how long a user will be unable to retry if they exceed the failed attempts.

You can also define the lockout period for IP range blocks. The default value is 60 minutes, you can adjust that if you need.

The plugin will allow users to keep trying different invalid usernames. Click on yes under lockout invalid usernames option to stop this.

Also, by default, Wordpress lets users know that whether they entered an invalid username or invalid password on failed logins. You can hide this by clicking yes under mask login errors option.

And of course, don’t forget to click on the update settings button to store your changes!

OK. Now lets's move forward to the last lesson for a few important closing thoughts ...



Join the Discussion
Write something…
Recent messages
TeamIceCream Premium
Awesome! Thank you Zed! ;-)
Sharlee (Chocolate IceCream)
Reply
smartketeer Premium
Thank you Sharlee!
Reply
JMatonge1 Premium
Marvelous work, Smartketeer. This is of great benefit to some of us. Thank you.
Joseph.
Reply
smartketeer Premium
Thanks Joseph!
Reply
Floria Premium
Thanks Zed! If our password is crucial, would you recommend using lastPass?
Reply
smartketeer Premium
If you are talking about the password manager, yes.
Reply
Floria Premium
Yes. Exactly. Thank you. :)
Reply
smartketeer Premium
My pleasure!
Reply
tslazyk5894 Premium
Before I was a member of Wealthy Affiliate I purchased "Blog Defender," which is "iThemes Premium Security" with "Backup Buddy" and "Cloud Defender," which makes use of Cloudflare. From the sound of this message I should uninstall iThemes Security Pro, correct? I have not yet added the site to Cloudflare. Do you recommend uninstalling ithemes security pro and not using Cloudflare? It seems like I don't even need Backup Buddy which I was going to configure to work with Google Drive. I'm feeling like I should not do all three, since all three would be redundant? It would really be nice if we were allowed to use usernames other than "Admin." Do you foresee that happening anytime?
Reply
smartketeer Premium
If you moved your site to WA you won't need them ...

If your site is outside of WA I'd use them ...

You can change/update your username ...

See this

https://themeisle.com/blog/change-wordpress-usernames/
Reply
kiliwia62 Premium
Thank you very helpful to know :)
Reply
smartketeer Premium
Thanks Sylvia!
Reply
Top