(Last Updated On: January 18, 2014)

The one of the best way to make secure your WordPress site is that you should limit the failed login attempts in WordPress blog. Didn’t you understand, oh lemme elaborate completely. I’m trying to say to whenever you login, and suppose that you failed in login somewhere the password or maybe the username was incorrect :(. But did you know? The hackers do the same, and sometimes they just try to crack the password of your blog doing failed login attempts again and again. Because by default WordPress enable people unlimited login attempts. We must think about it, should the hacker do failed login again and again and we just wait for the outcome of being our site hacked, huh! No, Never…

Limit the number of Failed logins

How to Prevent Failed Login Attempts?

Limit Login Attempts in WordPress

The Limit Login Attempts is actually a WordPress plugin which let us know about the failed logins and also let us aware of IP addresses when the login was failed doing email to the admin and list that failed login information on plugin settings page.

How it Works?

1. Download, install and activate the plugin Limit Login Attempts.

2. Go to Settings > Limit Login Attempts

3. Conquer settings according to you.

Limit Login Attempts Plugin Settings Page

Key Features

  • Limit the number of failed login attempts
  • It informs user about remaining retries
  • Email notification to admin after entire failed logins (optional)
  • Handles server behind reverse proxy
  • It is possible to whitelist IPs using a filter. But you probably shouldn’t. 🙂

That’s it!