To help stop brute force cracking or password cracking attempts on your WordPress blog there is a WordPress security plugin that helps called “Limit Login Attempts.”
This plugin limits the number of login attempts through your wp-login.php page and through auth cookies and blocks the IP
Without limiting your WordPress login attempts you are opening the door for malicious hackers to spend their time guessing your username and password.
Limit Login Attempts plugin allows to protect your login process
- Set how many login tries they get before being locked out.
- Adjust how long they get locked out for future attempts.
- Get email notifications sent to you if an IP is blocked.
Here's a screen shot of my Limit Login Attempts Options:
What I haven't found out about this plugin yet is if you have the ability to “unlock” an IP. I have posted on the forum and hope to have an answer soon.
You can find out more information and/or download the Limit Login Attempts plugin here.
One thing I do not like about this plugin is that it does not mask the “Login Errors.” It actually shows how many login “attempts” they have left and how long they are locked out for.
My suggestion is that you always hide the login errors. You can do so by adding the following code to your theme's function.php file:
// Remove Login Error Message on wp-login.php
add_filter(‘login_errors',create_function(‘$a', “return null;”));
I'd like to thank my friend Chris Cobb for recommending this WordPress security plugin. I'm still testing the waters, but it looks good so far.
Prior to installing the Limit Login Attempts plugin, I have been using Login Lockdown and it has worked great. However, as far as I know it does not block by auth cookies so I thought I'd give Limit Login Attempts a try.
Leave Your Feedback
Have you tried the Limit Login Attempts plugin? If so, what do you like or don't like about it? Are you able to unblock/unlock IPs manually from the dashboard? Or do you use the Login Lockdown plugin or have another one to suggest to help protect the login process on your WordPress blog? Leave your comment below.