Let’s face it! Several thousand websites are hacked every year and the majority of it runs on WordPress due to its popularity.
Not because the platform is unsecured but how individual or group trying to mess out your site.
In fact, if you don’t take WordPress security fully your website can be a victim of hacking, too.
As the saying goes, “prevention is better than cure”. So, don’t wait your site gets compromised, prevent it while you still can.
Good news is that you have several ways how to limit login attempt in WordPress.
Why You Should Limit Login Attempts in WordPress?
In the first place, you may ask, why you should be limiting login attempts in WordPress?
Well, the most common reason is to help secure your site by protecting WordPress admin area.
In most cases, hackers will try to access your site through WordPress admin area (
http://yourdomain/wp-admin) using most commonly used “admin” as a username and some well-versed script to guess your password.
By default, WordPress allows unlimited login attempts. This allows passwords (or hashes) to be brute-force cracked with relative ease.
As a friendly reminder, you should change the username to something personal by creating a new admin user in the WordPress admin panel which we’ve mentioned in the different ways to secure WordPress site here.
How to Limit Login Attempts in WordPress?
First thing you need to do is install and activate the “WP Limit Login Attempt” plugin. For more details, see our step by step guide on how to install a WordPress plugin.
Once activated, the plugin adds a “WP Limit Login” menu item under Settings. Clicking on it will take you to the plugin’s settings page.
With the lite version, you are limited to:
- Number of login attempts: 5
- Lockdown time in minutes: 10
- Number of attempts for captcha: 3
Upgrading to Pro version will get you even more premium features and support.
That’s all, I hope this article helped you learn how to limit login attempt in WordPress using the WP Limit Login Attempt plugin. You may also want to see this guide on the best two-factor authentication plugins for WordPress.
Do you have any method of limiting login attempt in WordPress? Share it in the comment section below.