Last week we covered how to limit WordPress dashboard access, but there are some cases in which this is not exactly the best way to protect your website. Maybe you are not the only one that is working on it, and there are a lot of people that are accessing it, or you have a dynamic IP at home, and it is virtually impossible to fill them all in.
If you have a using a strong password to protect your website, and it is hard for unwanted users to enter your WordPress admin panel, you are halfway there. Yet again, it will be best to take stricter measures to protect your web property.
Getting optimized and secured WordPress Hosting is just one part of making your WordPress website securer. Let’s find out another step that you can take in the direction of protecting your web estate.
Why Limit Login Attempts in WordPress
As you probably know, one of the most common website attacks is the so-called brute force attack. In essence, it is an attempt for your password to be unraveled by endless tries and errors. In a way, if your password is strong, you don’t have to worry. But still, the bots used to do this kind of work, are getting smarter and smarter.
That means that there is, in fact, a danger. And you should give your best to prevent bad things to happen to you.
If limiting WordPress dashboard access is not an option in your specific case, the next best thing is to use a strong password, and limit the number of login attempts to your WordPress.
Doing so will likely help you to catch the origin of the possible brute force attack, and block the IP.
The bots that are performing brute force attacks are able to sometimes enter the dashboard of a website because they make thousands and thousands of attempts in the time that a real human can only make 3 or 4. And the bots are doing so automatically. If you limit the number of attempts allowed in a given period of time, you’ll significantly slow down the attack, so you can react.
Start your blog in less than 20 minutes!
How to Limit Login Attempts in WordPress
To limit the number of possible login attempts in WordPress, the easiest way is to install a plugin. And surprise, surprise! the most famous plugin for limiting the login attempts is called Limit Attempts. It is created by BestWebSoft.
Once you’ve installed and activated the Limit Login Attempts plugin, enter in its settings page, and tune the settings up, according to your preferences.
This is what you can expect to see, once you open the settings page of the plugin.
Here you can adjust the number of attempts allowed and the period on which the ‘sessions get reset’ and thus, the user will be able to attempt once again to enter his or her profile.