by default word press allows a user to try as many passwords as possible when logging in while this is convenient a bot or a hacker can exploit this so the question becomes how can you prevent this kind of an attack well it’s easy simply limit the number of failed login attempts in WordPress to do this in your WordPress dashboard go to plugins
then click on add new
and in the search bar type limit login attempts reloaded and press enter
and then this is going to be the plug-in click on install now to start the installation when the installation is complete this button is going to change to activate click on it to activate the plug-in once the plug-in is activated you get redirected to the plugins page
now go to settings
and click on limit login attempts
and then here we’re going to configure the plugin
first here you can enable the gdpr compliant for data protection
next in notify of lockout setting you can enable this so the plug-in will notify you via email if someone has failed after the set number of lockouts
then under app settings
you can set the amount of retries you want to allow your user as well as the lockout time if they fail to login then we’re going to go to logs
and here we have two options in the safe list you can enter an IP or username and that particular user can log in without any limits
and similarly in The Blacklist you can enter an IP or username and that particular user will not be able to log in this is how you can limit login attempts in WordPress that’s it for today’s video if you have any questions or comments please leave them in the comments section below and if you like the video please click on the like button if you’re new to our Channel hit the Subscribe button and tap the Bell icon so that you don’t miss any of our future videos thanks for washing will see you with the next one
Awesome Awesome Plugin
Still works, and it still works well. (WP Version 4.9.8) This plugin was provided by my host provider when I signed up with THOSTS in December 2017.
Was considering deleting it, but, .. this is from it’s log as of today 10/10/2018
IP Tried to log in as
91.200.12.28 pigsoft.net (4 lockouts), b92.co.uk (2 lockouts)
91.200.12.65 admin (1 lockout), b92.co.uk (1 lockout)
91.200.12.104 pigsoft.net (1 lockout)
91.200.12.157 b92.co.uk (2 lockouts)
27.151.92.51 dyandoss27289 (1 lockout)
86.49.188.134 admin (1 lockout)
146.185.223.160 admin (1 lockout)
211.245.31.111 michellz047609 (1 lockout)
170.238.36.26 admin (1 lockout)
91.200.12.56 b92.co.uk (4 lockouts)
185.63.254.15 admin (1 lockout)
91.200.12.35 b92.co.uk (5 lockouts), pigsoft.net (1 lockout)
And so the list goes on, and one, and on, and on, ..
China, Ukraine, France and the good old US of A to name just a few of the look up IPs I could be bothered to do. Script Jockies all of them, but they’re not using brute force attacks: especially from reading some of the login (name) attacks that the web boys are using. Later on in that list, are some of the people I’ve mentioned in my posts: who aren’t board members.
Conclusion: This Plugin is worth it’s weight in gold.
Thanks for reading, Jessica: Praise be the ORI.
After 7 years of no updates… still working well! I don’t know how and why, but this plugin still works really well.
It still works great! well done
Works very well Works very well
bad role bad role
Interesante Se lo pone más dicÃcil a los hackers que quieren acceder a tu blog ya que les limita el número de accesos.
Not maintained but still works Would be good to get new versions and fix possible security issues (if any), but it seems to still work.
Getting a lot better. We had initial issues and tried again and it is working better.
Best plugin I have ever installed I have always installed this plugin on all WP websites that I create or manage. Nothing significant seems to have happened.
However lately I have been monitoring one of my websites and noticed heightened attempts to log in without my permission.
I lowered the number of attempts to 2 and increased lockout periods.
I have also turned option to get notifications every time login fails and login IP attempts get locked out.
I couldn’t be happier.
This has worked as the best protection from hacks, protection to lock out intruder IP’s etc.
So far over 450 failed attempts and over 250 permanently locked out IP’s
Thank you for the protection