
How to limit login attempts in WordPress for avoiding brute force attacks

How to Secure Your WordPress Website

Brute force is an attack technique commonly used by hackers to gain access to a targeted site. The method is simple: the attacker tries username and password combinations over and over again until one of them succeeds.

Website owners with usernames such as ‘admin’ and simple passwords such as 123456 are the ones who are normally hardest hit.

These attacks have negative effects on a site even when they do not succeed. One of the worst is that the server’s memory usage suddenly goes through the roof, causing poor performance. The server runs out of memory because of the sheer number of login requests the attacker sends to the site.

To avoid this, website owners should do as much as they can to protect their sites and blogs against brute force attacks. One way of protecting yourself against the attack is to use a plugin that limits login attempts.

How to limit the login attempts

  1. Limit login attempts plugin

Hackers make login attempts against targeted sites every day using automated login scripts. To be on the safe side, as a website owner, make sure that you track and block the IP addresses that keep trying to log in. A plugin known as Limit Login Attempts does this for you.

Limit Login Attempts is a plugin that limits the rate of login attempts and temporarily blocks the offending IP address for up to 10 minutes. It is designed purely to protect the site from brute force attacks.

Below is an example of how the plugin works.

           Login failed: Sorry! Wrong information!

           3 attempts remaining!

This means that when an attacker tries to log in with a wrong password or username, only a few attempts are allowed before the IP address is blocked, so he won’t be able to keep guessing his way into the site.

Limit Login Attempts is a useful and powerful plugin that has protected sites from these attacks countless times, and it is widely used by website owners.
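The following is an added illustration of the behaviour described above, written as a minimal WordPress plugin using the core `wp_login_failed`, `authenticate`, `login_message` and `wp_login` hooks; it is not the Limit Login Attempts plugin’s own code. The limits (4 failures, then a 10-minute lockout) and the `demo_ll_` names are assumptions chosen for the example.

```php
<?php
/*
 * Plugin Name: Demo Login Limiter (illustrative example, not Limit Login Attempts)
 * Description: Counts failed logins per IP and locks that IP out for 10 minutes.
 */

// Assumed limits for this example: 4 failures, then a 10-minute lockout.
const DEMO_LL_MAX_ATTEMPTS = 4;
const DEMO_LL_LOCKOUT      = 10 * MINUTE_IN_SECONDS;

// Transient key for the requesting IP. Uses REMOTE_ADDR; behind a reverse proxy
// or CDN you must derive the client IP from the proxy's trusted header instead,
// otherwise every visitor shares the proxy's address and gets locked out together.
function demo_ll_key() {
    return 'demo_ll_' . md5( $_SERVER['REMOTE_ADDR'] ?? '' );
}

// Fires on every failed login: increment this IP's counter, up to the limit.
function demo_ll_record_failure( $username ) {
    $key   = demo_ll_key();
    $count = (int) get_transient( $key );
    if ( $count >= DEMO_LL_MAX_ATTEMPTS ) {
        return; // already locked out; let the existing lockout expire on schedule
    }
    set_transient( $key, $count + 1, DEMO_LL_LOCKOUT );
    error_log( sprintf( 'demo_ll: failed login for "%s" from %s (%d/%d)',
        $username, $_SERVER['REMOTE_ADDR'] ?? '', $count + 1, DEMO_LL_MAX_ATTEMPTS ) );
}
add_action( 'wp_login_failed', 'demo_ll_record_failure' );

// Runs after WordPress's own password check (priority 20): refuse a locked-out IP
// even if the credentials were correct this time.
function demo_ll_check_lockout( $user, $username, $password ) {
    if ( (int) get_transient( demo_ll_key() ) >= DEMO_LL_MAX_ATTEMPTS ) {
        return new WP_Error( 'demo_ll_locked',
            'Too many failed logins from your address. Try again in 10 minutes.' );
    }
    return $user;
}
add_filter( 'authenticate', 'demo_ll_check_lockout', 30, 3 );

// Show "N attempts remaining!" on the login form once a failure has been counted.
function demo_ll_attempts_message( $message ) {
    $left = DEMO_LL_MAX_ATTEMPTS - (int) get_transient( demo_ll_key() );
    if ( $left > 0 && $left < DEMO_LL_MAX_ATTEMPTS ) {
        $message .= '<p class="message">' . intval( $left ) . ' attempts remaining!</p>';
    }
    return $message;
}
add_filter( 'login_message', 'demo_ll_attempts_message' );

// A successful login clears the counter for that IP.
add_action( 'wp_login', function ( $user_login, $user ) { delete_transient( demo_ll_key() ); }, 10, 2 );
```

Drop the file into `wp-content/plugins/` and activate it; the counter lives in a transient, so it is shared across all PHP workers and expires by itself.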

  2. Changing the default username

The default username of WordPress is admin. Because of this, most attackers assume that people still use ‘admin’, which makes their job much easier. It is always advisable to change your username immediately. Failing to do so gives hackers a free head start: they only need to guess the password for their brute force attack to succeed.

  3. Use strong passwords

Passwords exist to make it hard for other people to get into a place they are not allowed. In the case of a site, a password is there to make it hard for other people to guess and for hackers to succeed with their brute force attacks.

Many people use the default password, 123456, which can easily be guessed; this is not advised.

When choosing passwords:

  • Do not go for short passwords.
  • Do not choose a word that can be found in common places such as a dictionary.
  • Use a mixture of letters and numbers rather than letters only or numbers only.
  • Also, do not use a permutation of your company name, your real name or even the name of your website.

A strong password is important because it protects your blog and site from hackers, who may otherwise install malicious scripts that can potentially compromise your server.