In this quick WordPress tutorial, we will show you how to limit login attempts on a WordPress website to avoid brute force attacks. One of the anomalies in WordPress is that it allows users to enter passwords as many times as they want, and hackers may try to exploit this by using scripts that enter different combinations until they find an admin or user password on your website.

How To Limit Login Attempts on WordPress

To prevent unlimited login attempts on your WordPress site, you can limit the number of failed login attempts per user. For example, you can allow 3 failed attempts and then lock the user out temporarily: if someone has more than 3 failed attempts, your website blocks their IP for a temporary period of time based on your settings.

Limit Login Attempts in your WordPress

Using a Plugin To Limit Login Attempts

First, install and activate the Login LockDown plugin.

Now go to the Settings => Login LockDown page to configure the plugin.

Login LockDown plugin

Define how many login attempts can be made; by default, the number is 3. After that, choose how long a user will be unable to retry if they exceed the allowed number of failed attempts.
You can also define the lockout period for IP range blocks. The default value is 60 minutes; you can adjust it if you need to.
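
The lockout behaviour these settings control, modelled in Python as an added example (this is not the Login LockDown plugin's code). The 3-attempt limit and 60-minute lockout are the values from this page; the 5-minute counting window, the choice to lock on the third failure, all names and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3            # failed attempts allowed (value used on this page)
RETRY_WINDOW = 5 * 60       # seconds in which failures are counted (assumed)
LOCKOUT_SECONDS = 60 * 60   # lockout length: 60 minutes, as on this page


@dataclass
class LoginLimiter:
    failures: dict = field(default_factory=dict)      # ip -> failure timestamps
    locked_until: dict = field(default_factory=dict)  # ip -> unlock timestamp

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            # Rejected before the password is looked at, so a correct guess
            # made during the lockout tells the guesser nothing.
            return "locked"
        if password_ok:
            self.failures.pop(ip, None)   # a successful login resets the count
            return "ok"
        # Keep only failures that are still inside the counting window.
        recent = [t for t in self.failures.get(ip, []) if now - t < RETRY_WINDOW]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.failures.pop(ip, None)
        return "failed"


def replay(events):
    """Run (seconds, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample events; the addresses are from documentation ranges.
SAMPLE = [
    (0, "203.0.113.7", False),
    (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),        # third failure: lockout starts
    (30, "203.0.113.7", True),         # correct password, still rejected
    (40, "198.51.100.9", True),        # a different IP is unaffected
    (20 + 3600, "203.0.113.7", True),  # lockout has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Because the counter is kept per IP address, guesses spread across many addresses are each counted separately, so a login limit works best alongside strong passwords.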

Originally posted 2017-10-12 13:02:49.