How and Why you should Limit Login Attempts in your WordPress

Spread the love

How and Why you should Limit Login Attempts in your WordPress

From time to time hackers may plan to force an entry into your WordPress site by guessing your admin password. By default, WordPress allows users to undertake different passwords as repeatedly as they need. This is also referred to as a brute force attack.

However, you’ll change this and add an additional layer of security to your WordPress site. In this article, we’ll show you ways and why you ought to limit login attempts in your WordPress.



Limit login attempts in WordPress


Why you need to Limit Login Attempts in WordPress?

Locked out for too many login attempts


How to Limit Login Attempts in WordPress?

First thing you need to do is install and activate the Login LockDown plugin. Upon activation, you need to visit Settings » Login LockDown page to configure the plugin settings.


Login LockDown settings

First, you would like to define what percentage login attempts are often made. After that choose how long a user are going to be unable to retry if they exceed the failed attempts.

You can also define the lockout period for IP range blocks. The default value is hour , you’ll adjust that if you would like.

The plugin will allow users to stay trying different invalid usernames. Click on the yes under the lockout invalid usernames choice to stop this.

By default, WordPress lets users know that whether or not they entered an invalid username or invalid password on failed logins. You can hide this by clicking yes under the mask login errors option.

Don’t forget to click on the update settings button to store your changes.




The first layer of protection to your WordPress sites is your passwords. You should always use strong passwords on your WordPress site. We understand that strong passwords are difficult to recollect. But see our beginner’s guide which shows the simplest thanks to managing passwords for WordPress users.
If you run a multi-author WordPress site, then see how you’ll force strong passwords on users in WordPress.

No website is 100% safe because hackers always find new ways to urge around the system. That’s why it’s crucial that you simply keep complete backups of your WordPress site within the least time. We recommend the BackupBuddy plugin. Here’s an inventory of the simplest WordPress backup plugins.

If your website is a business, then we strongly recommend that you add a firewall that takes care of the brute-force attacks and so much more. We use Sucuri which guarantees our safety and if anything happens to our site, then their team is responsible to repair it at no additional charge.

We hope you found this text useful, and you have got successfully added the login attempts limit to your WordPress site. You may also want to ascertain our list of 13 vital tips and tools to guard your WordPress admin area.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Instagram and Facebook.

LEARN FREE WordPress wite Wehavedigitaltool

Spread the love

Leave a Comment

Verified by MonsterInsights