Hacking is a fearfull term for the site owner. If your site got hacked you will have nothing to do except kicking your ass, virtually that is also impossible. One of the major way to get hacked by using “Admin” as username. Hackers are usually try to Login in your site as admin. WordPress, by default has got unlimited failed Login enabled. This allows passwords (or hashes) to be brute-force cracked with relative ease. They take this facility of WordPress. This would be very dangerous if someone would try to guess your user name and password. I am going to show you how you could keep safe your WordPress site from hacking by this method. WordPress security information will protect you. There are also many other plugin, but they are not updated may be. I prefer this plugin and using it since birth of this website.
See the picture below, someone was trying to hack my site by using “admin” username and password. Thanks to Limit Login Attempts for blocking them.
Features Of Limit Login Attempts:
- Limit the number of retry attempts when logging in (for each IP). Fully customizable
- Limit the number of attempts to log in using auth cookies in same way
- Informs user about remaining retries or lockout time on login page
- Optional logging, optional email notification
- Handles server behind reverse proxy
- It is possible to whitelist IPs using a filter. But you probably shouldn’t. 🙂
How to Install:
Its very simple to use this plugin. As it is a free plugin download it from WordPress.org ripo.
Or go to your Dashboard> Plugins> Add New. Write Limit Logi nAttempts on the Search bar and you will get the plugin at the first place.
Settings for Limit Login Attempts:
Settings are also quite easy for this handy plugin. See the picture below: