WordPress’ login page is pretty simple and basic. You type in the username and password, and if the details are right – you’re in. By default, WordPress doesn’t limit the number of login attempts. Having that in mind, your blog / website is exposed to a brutal attack, where a user / bot would try to hack into the dashboard, by guessing / cracking the password.
Some plugins store cookies in the user’s browser, in order to defend WordPress, but that’s not enough, because we all know how easy it is to clear the cache and cookies.
So – is there a solution? Yes, there is. A plugin called “Limit Login Attempts” – which aims to protect WordPress by limiting the number of login attempts.
The plugin is pretty simple to operate – you decide how many attempts the user gets to try to login. After the user runs out of attempts their IP is locked for 20 minuets (you can change the duration). If the user gets 4 lockouts – their IP is locked for 24 hours.
All the variables are adjustable. It’s all up to you.
The plugin informs the user about remaining retries or lockout time on the login page, there’s optional logging, optional email notification and it can handle a server behind reverse proxy.
Languages available: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish.
Download the plugin here.