Limit Login Attempts: Absolutely MUST Have WordPress Plugin

App Shah

By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

Last month I posted an article on the Global Brute Force Attack, which you can read here: Important: Global WordPress Brute Force Flood. Please Read. As advised there, I’ve also installed the Limit Login Attempts WordPress plugin.

The plugin limits the number of login attempts possible both through the normal login page and through auth cookies. It blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible. Sometimes the hacker might think they know your password, or they might develop a script to guess it. In either case, what you need to do is limit the login attempts.

You can also see the log of how many total lockouts there have been as well as get notified via email if there have been more than X lockouts in the same day.
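The lockout behavior described above can be modeled in a few lines. This is an added example, not the plugin's own code: the class name, the thresholds (4 retries, 20-minute lockout, alert after more than 1 lockout in 24 hours) and the sample addresses are all assumptions, and the events are constructed.

```python
from collections import defaultdict

DAY = 24 * 3600

class LoginLimiter:
    """Per-address retry limit with timed lockout; every threshold is an assumed value."""

    def __init__(self, max_retries=4, lockout=20 * 60, notify_after=1):
        self.max_retries = max_retries      # failed attempts allowed before a lockout
        self.lockout = lockout              # seconds the address stays blocked
        self.notify_after = notify_after    # the "X" lockouts per day before alerting
        self.failures = defaultdict(int)    # ip -> failures since last success/lockout
        self.locked_until = {}              # ip -> time the block expires
        self.lockout_log = []               # (time, ip) for every lockout
        self.alerts = []                    # stand-in for the notification email

    def attempt(self, ip, password_ok, now):
        """Process one login attempt; returns 'blocked', 'ok' or 'failed'."""
        if self.locked_until.get(ip, 0) > now:
            return "blocked"                # password is never checked while locked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_retries:
            self.failures[ip] = 0
            self.locked_until[ip] = now + self.lockout
            self.lockout_log.append((now, ip))
            today = [t for t, _ in self.lockout_log if now - t < DAY]
            if len(today) > self.notify_after:
                self.alerts.append(f"{len(today)} lockouts in the last 24 hours")
        return "failed"

def demo():
    """Replay constructed attempts: (time in seconds, ip, password_ok)."""
    script, user = "203.0.113.7", "198.51.100.20"   # documentation-range addresses
    events = [(0, script, False), (5, script, False), (10, script, False),
              (15, script, False),          # 4th failure: lockout starts
              (20, script, True),           # right guess, but made while locked out
              (30, user, False), (40, user, True),   # a typo, then a normal login
              (1300, script, False), (1305, script, False),
              (1310, script, False), (1315, script, False)]  # second lockout
    limiter = LoginLimiter()
    results = [limiter.attempt(ip, ok, t) for t, ip, ok in events]
    return results, limiter

if __name__ == "__main__":
    results, limiter = demo()
    print(results, limiter.lockout_log, limiter.alerts, sep="\n")
```

Because the counter is keyed on the source address, each address gets its own retry allowance, so the lockout log and the alert threshold are what reveal guessing that is spread across many addresses.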


This plugin has performed 143 lockouts so far. Screenshots from my admin area:

Limit Login Attempts - Setting Options - Crunchify

Limit Login Attempts - Blocked IP - Crunchify
