Why You Should Limit Login Attempts

Increase Your WordPress Site Security by Limiting Login Attempts

The security of your WordPress site should be a top priority to prevent it from being targeted by hackers.

The second tip in our WordPress security series is to limit WordPress login attempts. This is necessary to protect against arguably the most common type of WordPress hack: brute force attacks.

What are Brute Force Attacks?

Entry-level hackers usually implement brute force attacks. It is a trial-and-error method whereby hackers, or bots, deploy automated scripts to try every combination of username and password to gain entry to WordPress sites.

Tens of thousands of sites are targeted at once, so a small WordPress site is not a safe one. They target any site that has /wp-admin or /wp-login.php in the URL.

The Best Way to Prevent Brute Force Attacks is to Limit Login Attempts

There are two main ways to prevent brute force attacks. One of these options is to hide your WordPress login page altogether. However, this isn’t a viable option for certain WordPress sites such as:

  • E-commerce sites
  • Membership sites
  • Online forums
  • Sites with multiple authors.

The other option is to limit login attempts. This means that you limit the number of times an IP address can attempt to log in to your WordPress site at any one time. You can achieve this by simply installing one of the recommended WordPress plugins: WP Limit Login Attempts, Cerber Security & Antispam or Limit Login Attempts Reloaded.

You have the option to choose the number of login attempts allowed. In addition, you can select how long the IP address will be blocked for following the unsuccessful login attempts. You will also be given the option to lock out invalid usernames. This will prevent brute force attacks and protect against chancers as well.
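To show how those three settings interact, here is a small model of a per-IP lockout policy, added as an illustration and not taken from any of the plugins named above. The class, field names and thresholds are hypothetical, and the sample attempts are constructed using documentation IP ranges.

```python
from dataclasses import dataclass, field

@dataclass
class LoginLimiter:
    """Toy model of a per-IP login lockout policy (names are hypothetical)."""
    max_attempts: int = 4            # failed logins allowed inside `window`
    window: int = 15 * 60            # seconds over which failures are counted
    lockout: int = 20 * 60           # seconds an IP stays blocked
    known_users: frozenset = frozenset()
    lock_invalid_usernames: bool = True
    _failures: dict = field(default_factory=dict)      # ip -> failure times
    _locked_until: dict = field(default_factory=dict)  # ip -> unblock time

    def is_locked(self, ip, now):
        return self._locked_until.get(ip, 0) > now

    def attempt(self, ip, username, password_ok, now):
        """Record one login attempt; return 'ok', 'failed' or 'locked'."""
        if self.is_locked(ip, now):
            return "locked"          # blocked IPs never reach the password check
        valid_user = username in self.known_users
        if valid_user and password_ok:
            self._failures.pop(ip, None)
            return "ok"
        if not valid_user and self.lock_invalid_usernames:
            self._locked_until[ip] = now + self.lockout
            return "locked"          # unknown username: block immediately
        recent = [t for t in self._failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        self._failures[ip] = recent
        if len(recent) >= self.max_attempts:
            self._locked_until[ip] = now + self.lockout
            self._failures.pop(ip, None)
            return "locked"
        return "failed"

def replay_sample():
    """Replay constructed attempts: (ip, username, password_ok, time in s)."""
    limiter = LoginLimiter(max_attempts=3, window=300, lockout=600,
                           known_users=frozenset({"editor"}))
    events = [
        ("203.0.113.7", "editor", False, 0), ("203.0.113.7", "editor", False, 10),
        ("203.0.113.7", "editor", False, 20), ("203.0.113.7", "editor", True, 30),
        ("198.51.100.20", "admin", False, 40), ("192.0.2.5", "editor", False, 50),
        ("192.0.2.5", "editor", True, 60), ("203.0.113.7", "editor", True, 621),
    ]
    return [limiter.attempt(*e) for e in events]

if __name__ == "__main__":
    print(replay_sample())
```

The fourth attempt shows the cost of a low threshold: once the IP is locked, even the correct password is refused until the lockout expires.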

If you are prone to mistyping your password, we would recommend that you consider this when choosing the number of login attempts allowed, as you may need more than one shot at it!

Furthermore, we would also suggest adding a captcha or mathematical equation to your login page as well as using a secure username and password. This will provide another layer of security and authentication to protect against hackers.

Make WordPress Security a Priority

Brute force attacks are so common that if you don’t take steps to prevent them you are highly likely to be hacked.

If removing your login page or limiting login attempts isn’t an option for you, we suggest you take the fundamental measure of using a secure username and password. After all, a lot of WordPress users still use “admin” as their username!

To generate a secure password we recommend:

  • Using a combination of lowercase and uppercase letters
  • Including numbers
  • Including symbols
  • Having at least 8 characters

Tech Advisor suggests generating a password that is hard to guess but easy to remember.

For further help and guidance securing your WordPress site, contact our WordPress experts.

You can learn more about brute force hacks and all other types of hacks here.