How to Restrict WordPress Login Attempts

• May 31, 2016
• Leave a comment

WordPress back-end admin panel is being secured with password authentication. There is a significant chance of spamming and hacking attacks on websites to login into admin panel for taking the control over website. Hackers brute force different combinations of username and password to break the security.

To overcome this situation, one must implement some online security measures to put a limit on unsuccessful login attempts.

Restricting the login limits is one of the various methods used for security measures in which you can put time limit after specific amount of invalid login attempts. For example, one have to wait for 5 minutes after 3 consecutive unsuccessful tries.

There are several plug-ins available at WordPress repository that are used for this purpose. Among these plug-ins, Limit Login Attempts is recommended for the protection of your website. Install and activate the plug-in. Follow the instructions given in the following figure to set the time and number of attempts that one can make.

Configure the plug-in settings by entering the value of number of tries, maximum lockout time, log the IP of user making invalid tries and set options to send emails to Admin. Save the settings by clicking Change Options and rest is handle by WordPress. After crossing the unsuccessful tries, one must lockout for time set by administrator.