2 min read

How to limit login attempts in WordPress

How to limit login attempts in WordPress

Now and again programmers may attempt to break into your WordPress site by speculating your administrator secret phrase. Of course, WordPress enables clients to attempt distinctive passwords the same number of times as they need. This is otherwise called animal power assault. Notwithstanding, you can change this and include an additional layer of security to your WordPress site. In this article, we will demonstrate to you how and why you should restrict login endeavors in your WordPress.

To prevent this, you can limit the number of failed login attempts per user.
For example, you can say after 5 failed attempts, lock the user out temporarily.

If someone has more than 5 failed attempts, then your site block their IP for a temporary period of time based on your settings. You can make it 5 minutes, 15 minutes, 24 hours, and even longer.

How to Limit Login Attempts in WordPress?

First thing you need to do is install and activate the Login LockDown plugin. Upon activation, you need to visit Settings » Login LockDown page to configure the plugin settings.

First you need to define how many login attempts can be made. After that choose how long a user will be unable to retry if they exceed the failed attempts.

You can also define the lockout period for IP range blocks. The default value is 60 minutes, you can adjust that if you need.

The plugin will allow users to keep trying different invalid usernames. Click on yes under lockout invalid usernames option to stop this.

By default, WordPress lets users know that whether they entered an invalid username or invalid password on failed logins. You can hide this by clicking yes under mask login errors option.

Don’t forget to click on the update settings button to store your changes.

The first layer of protection to your WordPress sites is your passwords. You should always use strong passwords on your WordPress site.