How & Why To Limit Login Attempts in WordPress

Last updated on

Let’s face it! Several thousand websites are hacked every year and the majority of it runs on WordPress due to its popularity.

Not because the platform is unsecured but how individual or group trying to mess out your site.

In fact, if you don’t take WordPress security fully your website can be a victim of hacking, too.

As the saying goes, “prevention is better than cure”. So, don’t wait your site gets compromised, prevent it while you still can.

Good news is that you have several ways how to limit login attempt in WordPress.

Why You Should Limit Login Attempts in WordPress?

In the first place, you may ask, why you should be limiting login attempts in WordPress?

Well, the most common reason is to help secure your site by protecting WordPress admin area.

In most cases, hackers will try to access your site through WordPress admin area (http://yourdomain/wp-admin) using most commonly used “admin” as a username and some well-versed script to guess your password.

By default, WordPress allows unlimited login attempts. This allows passwords (or hashes) to be brute-force cracked with relative ease.

As a friendly reminder, you should change the username to something personal by creating a new admin user in the WordPress admin panel which we’ve mentioned in the different ways to secure WordPress site here.

How to Limit Login Attempts in WordPress?

First thing you need to do is install and activate the “WP Limit Login Attempt” plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Once activated, the plugin adds a “WP Limit Login” menu item under Settings. Clicking on it will take you to the plugin’s settings page.

With the lite version, you are limited to:

  • Number of login attempts: 5
  • Lockdown time in minutes: 10
  • Number of attempts for captcha: 3

Upgrading to Pro version will get you even more premium features and support.

That’s all, I hope this article helped you learn how to limit login attempt in WordPress using the WP Limit Login Attempt plugin. You may also want to see this guide on the best two-factor authentication plugins for WordPress.

Do you have any method of limiting login attempt in WordPress? Share it in the comment section below.

Our Most Popular Post Right Now!
Disclosure: Some of the links on this site are “affiliate links”, which allow me to earn a small referral payment if you choose to purchase the product or service.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recommended Book: WordPress All-in-One For Dummies
Subscribe to Blog via Email
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
This field is for validation purposes and should be left unchanged.

Don’t worry, we hate spam as much as you do.
Do you need help setting up WordPress?
I can help you with blog and site setup, full website build, performance & security, maintenance and support, and many more.
Recommended Web Hosting