One of the most effective ways to prevent hackers working out your username and password is to limit login attempts by I.P address.
If you don’t, you may find a hacker using a malicious program which tries millions of password combinations until it works out what your username and password.
The best way to prevent this happening is to install a plugin named Limit Login Attempts. Its a free plugin which protects your login details from being deciphered by hackers.
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the admin page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
This plugin blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
- Limit the number of retry attempts when logging in (for each IP). Fully customizable
- Limit the number of attempts to log in using auth cookies in same way
- Informs user about remaining retries or lockout time on login page
- Optional logging, optional email notification
- Handles server behind reverse proxy
Download Limit Login Attempts Plugin for WordPress
Once you’ve installed & activated the plugin, go to the settings page and configure the options or simply use the default options.
Another way to prevent hackers trying to work out your login details is to create a secret custom login link url so your login address isn’t like the default, http://yourdomain.com/wp-login.php which most WordPress installations use.
Don’t risk losing your content to a hacker. Secure your WordPress site against hackers quickly & easily by installing one of the most popular WordPress security plugins, the limit login attempts plugin for WordPress.