There is a dramatic increase in the hacking attempts over the past few years. Thousands of websites are infected with some kind of malware each day. 75% of them are on WordPress platform which is a serious fact to consider.
A latest research reveals that 80% of the businesses suffered some sort of cyber attack over the past 12 months. Ransomware is the latest trend in the category and the security experts predict that its damage costs will exceed $5 billion this year.
Hackers attempt to invade into your WordPress system always. They will make repeated login attempts until they crack your website. Limit login attempts is the best possible solution to overcome this situation. Limit login retries in your site and if anyone exceeds the number within a short period of time, automatically disable login function for the selected IP range.
In this article, we’ll show you two best plugins to limit login attempts in your WordPress blog.
1. All In One WP Security & Firewall
After activation, go to WP Security > User Login to enable login lockdown feature.
Enable the feature and enter a value for max login attempts. If anyone exceeds the limit with failed login attempts, the same IP address will be locked out from further retries.
Set your lockout time length for which the blocked IP address will be prevented from logging in. The plugin allows you to instantly block invalid usernames and specific usernames as well.
Login Lockdown IP Whitelist is another main section where you can enter own IP address and it will never be blocked by the login lockdown feature.
There are four more related tabs in the User Login page. Failed Login Records, Force Logout, Account Activity Logs and Logged In Users.
Failed Login Records shows IP address, Username and time of each failed attempt.
Admins can force log out all users after a certain amount of time. They should log back to continue using the dashboard or service. Sometimes, we forget to log out from the site after writing or managing contents and it may result in some serious security breaches. Enable the feature and set a time limit to avoid such a situation.
Account Activity logs lets you monitor the activities of logged in users. If you are running a multi-author blog, know who’s online at the moment from Logged In Users tab.
2. Login LockDown
Login Lockdown is another plugin to limit login attempts in WordPress. It will record all failed login attempts on your site and when the number exceeds the limit, the login function will be disabled for the system.
After activation, open plugin menu from Settings > Login Lockdown.
Set your Maximum login retries, retry time period and lockout length. Admin is a common username for WordPress websites. Hackers can easily guess such names. Replace the default ‘Admin’ username with your own for better security. Login Lockdown plugin also allows you to instantly block the invalid usernames from logging in.
Visit Activity log on the top to view locked out IP addresses.