Now, more and more site owners attach much importance on website security for there are an increasing number of hackers outside. As the entrance of a website, the login page is the first and most important protection of your site. However, for some newbies in this field, they even don’t know why they should limit login attempts; let alone why to do so.
In order to make our readers’ website as safe as possible, our editors explain why and how to limit login attempts for your WordPress website, expecting you can put all the following suggestions into practice and keep your site far away from hackers.
Why Should You Limit Login Attempts
WordPress allows unlimited login tries by default, which may create great chances for hackers to enter into your website admin page and do whatever they want. The hackers may guess your password and try them over and over again until get the valid one, or even create a script to guess your password. So, how can you avoid the possible damage?
Certainly, there is a solution for this and what you need to do is limit the login attempts. You can set the rule that a user will be locked out for some time if they enter wrong username and password more than the set times. The practice also enables you to know the number of people who try to hack your site. As long as you notice the same IP appears repeatedly, then, you need to forbid that address forever.
Limit Login Attempts with .htaccess
Knowing the function and significance of limiting the login attempts, the next step should be how to achieve this. The easiest way is to use .htaccess. Of course, before limiting login attempts, it is extremely important to strengthen your username and password at first.
Firstly, login to your control panel, cPanel for example, and click on File Manager under Files section. Choose Document Root for your domain and make sure all hidden files are displayed, then, click on go. Later, right click on .htaccess and after choosing edit, there will be a text editor popping up for you to edit.
Now that the .htaccess file is open, you just need to embed the following code to give it orders. Note that the code limit login attempts by allowing assured IP address to login. Just change the numbers in the code with user IP address and if you want to add more users, just add a line of code.
Limit Login Attempts with Plugins
As a popular website building platform, WordPress also takes security issues seriously for it releases numerous security plugins. Now, we list several useful and easy-to-handle plugins to help readers limit login attempts easily.
Limit Login Attempts
The plugin helps to limit number of login attempts through two ways – using Auth cookies and normal logins. It allows webmaster to set the limited number of retry attempts and inform users about lock time or remaining retries on the login page. Besides, it is fully customizable which means you can set all factors about the plugin from appearance to limit times and duration.
Hide Login+ secures login and login page by creating exclusive URLs for admin’s login page, users’ login and logout. To minimize website risk, the plugin automatically prevent access to wp-admin and wp-login.php.