How and why you should limit the number of logins in WordPress – Learn WordPress from a to z


Do you want to limit the number of logins in WordPress? 

Hackers can try to guess your password for profit. If you limit the number of times they can try to log in, you greatly reduce the risk of account theft. In this article, I will show you how and why you should limit login attempts on your WordPress site.


Why should you limit the number of logins in WordPress?

A brute force attack uses trial and error to break into a WordPress website. The most common type is password guessing: hackers use automated software to guess your login information.

Normally, WordPress allows users to enter their password as many times as they want. Hackers can try to exploit this by using scripts that enter different combinations until they guess the correct credentials.

You can prevent that by limiting the number of failed login attempts per user. For example, you can temporarily lock out a user after 5 failed login attempts.


Unfortunately, some users find themselves locked out of their own WordPress site after entering the wrong password more times than allowed. If you find yourself in that situation, you should follow the steps in our guide on how to unblock the login limit.

Let’s see how to limit the number of logins to your WordPress site.

How to limit the number of logins in WordPress

The first thing you need to do is install and activate the Limit Login Attempts Reloaded plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

The free version is all you need for this guide. Upon activation, visit the Settings » Limit Login Attempts page, then click on the Settings tab at the top.

The default settings will work for most websites, but I will show you how you can customize the plugin settings for your site.


Need to comply with GDPR

To comply with GDPR laws, you can click the “GDPR compliant” checkbox to display a message.

Next, you can choose to be notified when someone is locked out. You can change the email address to which notifications are sent if you want. By default, you will be notified the third time the user is locked out.

You should then scroll down to the “Local app” section, where you can define how many login attempts can be made and how long the user will have to wait before they can try again.


First, you need to determine how many login attempts can be made. Then choose how many minutes the user will have to wait if they exceed the number of attempts. The default value is 20 minutes.

You can also increase the lockout time when a user is locked out. With the default setting, users will not be able to log in for 24 hours.

You should not change the ‘Trusted IP origin’ setting for security reasons. Don’t forget to click the Save Settings button at the bottom of the screen to store your changes.
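To see what these settings buy you, here is a small model of the lockout policy described above. It is an added example, not the plugin's code. The values 5 attempts, 20 minutes and 24 hours come from this article; the number of lockouts before the 24-hour lockout applies (4) and the client key are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    allowed_retries: int = 5        # article's example: lock out after 5 failures
    lockout_minutes: int = 20       # article: default wait is 20 minutes
    long_lockout_hours: int = 24    # article: increased lockout lasts 24 hours
    lockouts_before_long: int = 4   # ASSUMPTION: threshold not stated in the article

@dataclass
class ClientState:
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0

class LoginLimiter:
    def __init__(self, policy=None):
        self.policy = policy or Policy()
        self.clients = {}           # key: whatever identifies the client (assumed)

    def attempt(self, client, password_ok, now):
        """Process one login at time `now` (seconds): 'locked', 'ok' or 'failed'."""
        st = self.clients.setdefault(client, ClientState())
        if now < st.locked_until:
            return "locked"         # rejected before the password is checked
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.policy.allowed_retries:
            st.failures = 0
            st.lockouts += 1
            if st.lockouts >= self.policy.lockouts_before_long:
                st.lockouts = 0
                st.locked_until = now + self.policy.long_lockout_hours * 3600
            else:
                st.locked_until = now + self.policy.lockout_minutes * 60
        return "failed"

def guesses_checked(limiter, client, duration_s, interval_s=1):
    """Constructed scenario: a script guesses every interval_s seconds.
    Returns how many guesses actually reached the password check."""
    return sum(
        limiter.attempt(client, False, float(t)) == "failed"
        for t in range(0, duration_s, interval_s)
    )

if __name__ == "__main__":
    print(guesses_checked(LoginLimiter(), "client-a", 24 * 3600))  # one day of guessing
```

Under these assumptions, a script that tries one password per second for a whole day gets only 20 guesses checked. The same model also shows why a real user who mistypes five times is refused even with the correct password until the 20 minutes have passed.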

Epilogue

I hope this simple trick helps you better secure your WordPress site.

If you found it interesting, you can follow the basic WordPress section to learn more.
