A WordPress Plugin to Help Secure Your Site

Limit Login Attempts

Limit Login Attempts Screen Capture

I recently started using a plugin called “Limit Login Attempts” to resist the onslaught of hackers trying to access and destroy my WordPress installations. This plugin was written by Johan Eenfeldt and is available for download from the WordPress Plugin Directory. I started using this plugin after I noticed WordPress included it as part of the new install packages. It comes pre-configured with 4 options. Each option may be changed to suit your needs.

Limit Login Attempt’s options are:

Lockout:  – Allow re-tries – Default value is 4″, “Minutes lockout – Default value is 20 minutes”, “Lockouts (default value 4)  increase lockout time to (default value 24 hours) hours” – “Hours until retries are reset (default value is 12 hours)”

Site Connection: choice of either “Direct connection” or  “From behind a reverse proxy”

Handle Cookie Login: “Yes” or “No”

Notify on Lockout: Checkboxes for “Log IP” and  “Email to admin after determined amount of lockouts (default is 4)”

It is nice to be able to adjust these options when there are threats like DDoS attacks or just hackers trying to capture your password. The plugin works well even with WordPress 4.0. The Author has not updated the plugin in a while. Hopefully an updated version will be released soon.

What I have noticed while using this plugin is the attackers do not stay very long when there is nothing to gain. And my site has been hit less often, which frees up my resources on the server.

Hats off to John Eenfeldt for his work… Thank you!

For More information on the “Limit Login Attempts” Plugin go to the WordPress Plugin Directory or to John Eenfeldt’s website.