{"id":9112,"date":"2020-07-07T15:00:56","date_gmt":"2020-07-07T13:00:56","guid":{"rendered":"https:\/\/qodeinteractive.com\/magazine\/?p=9112"},"modified":"2020-07-28T23:40:16","modified_gmt":"2020-07-28T21:40:16","slug":"limit-login-attempts-in-wordpress","status":"publish","type":"post","link":"https:\/\/qodeinteractive.com\/magazine\/limit-login-attempts-in-wordpress\/","title":{"rendered":"How to Limit Login Attempts in WordPress (And Why)"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text]Let\u2019s agree right from the start that no one likes to use long and complicated passwords. The more characters you add to it \u2014 the more you make it secure \u2014 the higher the chances that you\u2019ll make a mistake when you\u2019re trying to log in to apps, service accounts, and \u2014 your WordPress website. Still, you go through all of it because security matters. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]For someone who\u2019s determined to keep their website as secure as possible with long and complicated passwords, limiting the number of login attempts in WordPress might seem like the last thing you\u2019d want to do. 
<strong>But as we said before, security matters, and forcing a timeout between a set number of login attempts is a valid security measure<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]In this article, we\u2019ll show you: [\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#why-you-should-put-a-limit-on-login-attempts\">Why You Should Put a Limit on Login Attempts in WordPress<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#how-to-add-a-login-attempts\">How to Add a Login Attempts Limiter to WordPress<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#how-to-make-your-passwords-more-secure\">How to Make Your Passwords More Secure<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;70px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"why-you-should-put-a-limit-on-login-attempts\"><\/a>Why Put a Limit on Login Attempts in WordPress?<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"395\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Why-Put-a-Limit-on-Login-Attempts-in-WordPress.png\" 
class=\"attachment-full size-full\" alt=\"Why Put a Limit on Login Attempts in WordPress?\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Why-Put-a-Limit-on-Login-Attempts-in-WordPress.png 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Why-Put-a-Limit-on-Login-Attempts-in-WordPress-300x169.png 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Why-Put-a-Limit-on-Login-Attempts-in-WordPress-620x350.png 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Most website owners and administrators are aware that they are not the only people who\u2019ll log into their website. Everyone from content creators to search engine optimization specialists will require access to your website\u2019s backend. But even though you might make their workdays a tiny bit more difficult on the days when they have trouble remembering their login details, <strong>they\u2019re not the people you\u2019re setting up a login limitation for on your website<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]The people against whom you&#8217;re protecting your website with login attempt limitation are hackers with their bots and scripts. Among the many techniques, tools, and attack vectors they can employ to damage your website, take advantage of it for their gains, or simply mess with you, <strong>hackers can try something called a brute force attack to gain access to your website\u2019s backend<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]When using a brute force attack to try to access your website&#8217;s backend, a hacker will effectively try combinations of letters, numerals, and characters until they\u2019ve found one that gets them access to the website. 
<strong>They usually won\u2019t do the hacking on their own \u2014 they\u2019ll use scripts to try tens of thousands of passwords every second until they find one<\/strong>. That means that, depending on how strong the password you use is, <strong>they can take anywhere from seconds to years to crack your password<\/strong>.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Forcing the hacker to take a break every couple of attempts doesn\u2019t make your website impenetrable, but it makes hacking it more time-consuming. <strong>When trying to crack the password becomes impractical \u2014 too costly in terms of time and resources \u2014 the hacker is likely to move on to the next target<\/strong>. If they have it in for you, they\u2019ll try a different type of attack. Either way, they\u2019re unlikely to continue trying to brute force their way in. [\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"how-to-add-a-login-attempts\"><\/a>How to Add a Login Attempts Limiter to WordPress<\/h2>\n<p>[\/vc_column_text][vc_column_text]The easiest way to limit login attempts in WordPress is by using a plugin. The <a href=\"https:\/\/wordpress.org\/plugins\/limit-login-attempts-reloaded\/\" target=\"_blank\" rel=\"noopener noreferrer\">Limit Login Attempts Reloaded plugin<\/a> is a great choice for a couple of reasons \u2014 it\u2019s free, it has lots of active installations, and the people who use it mostly have nothing bad to say about it. 
You can install it on top of <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-security-plugins\/\" target=\"_blank\" rel=\"noopener noreferrer\">other security plugins<\/a> you already use if they don\u2019t have a login attempts limiter feature.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"395\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-plugin.jpg\" class=\"attachment-full size-full\" alt=\"Limit Login Attempts Reloaded plugin\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-plugin.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-plugin-300x169.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-plugin-620x350.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]After you\u2019ve <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-install-a-wordpress-plugin\/\">installed and activated the plugin<\/a>, you can go to <strong>Settings &gt; Limit Login Attempts<\/strong> to set up the plugin. The very first set of options you access is under the Dashboard tab. 
<strong>There, you\u2019ll be able to access some lockout statistics, but more importantly, you\u2019ll be able to blacklist and whitelist certain IPs and usernames<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"395\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Access-some-lockout-statistics.jpg\" class=\"attachment-full size-full\" alt=\"Access some lockout statistics\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Access-some-lockout-statistics.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Access-some-lockout-statistics-300x169.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Access-some-lockout-statistics-620x350.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]In the Settings tab, you\u2019ll be able to choose whether you need the plugin to be <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpres-gdpr-compliance\/\">GDPR compliant<\/a> and whether you want to be notified by email when lockouts occur.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"395\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Settings-tab.jpg\" class=\"attachment-full size-full\" alt=\"Limit Login Attempts Reloaded Settings tab\" 
srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Settings-tab.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Settings-tab-300x169.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Settings-tab-620x350.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]The Worker settings are where you can <strong>set up the number of allowed retries, how long you want the lockout to last, and how long you want to wait before the retries are reset<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"395\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Worker-settings.jpg\" class=\"attachment-full size-full\" alt=\"Limit Login Attempts Reloaded Worker settings\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Worker-settings.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Worker-settings-300x169.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Limit-Login-Attempts-Reloaded-Worker-settings-620x350.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]The final tab contains debug code you should send to the plugin maker\u2019s support if something goes wrong with it. 
[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]After you\u2019ve adjusted all the settings and saved them, the plugin will start doing its job. <strong>When someone tries to log in using a wrong password or user name, they\u2019ll be notified of the number of attempts they have left<\/strong>. [\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;]<div class=\"qodef-single-image-holder   qodef-has-border \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"395\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Log-in-using-a-wrong-password-or-user-name.jpg\" class=\"attachment-full size-full\" alt=\"Log in using a wrong password or user name\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Log-in-using-a-wrong-password-or-user-name.jpg 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Log-in-using-a-wrong-password-or-user-name-300x169.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/Log-in-using-a-wrong-password-or-user-name-620x350.jpg 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]If they don\u2019t manage to provide a valid username and password in the attempts they have left, they\u2019ll be prevented from trying again for a period you\u2019ve set.[\/vc_column_text][vc_empty_space height=&#8221;81px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_separator color=&#8221;custom&#8221; accent_color=&#8221;#f0f0f0&#8243;][vc_empty_space height=&#8221;50px&#8221;][vc_widget_sidebar sidebar_id=&#8221;top-picks-banner&#8221;][vc_empty_space height=&#8221;28px&#8221;][vc_separator color=&#8221;custom&#8221; accent_color=&#8221;#f0f0f0&#8243;][vc_empty_space 
height=&#8221;80px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"how-to-make-your-passwords-more-secure\"><\/a>How to Make Your Passwords More Secure<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"395\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/How-to-Make-Your-Passwords-More-Secure.png\" class=\"attachment-full size-full\" alt=\"How to Make Your Passwords More Secure\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/How-to-Make-Your-Passwords-More-Secure.png 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/How-to-Make-Your-Passwords-More-Secure-300x169.png 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/07\/How-to-Make-Your-Passwords-More-Secure-620x350.png 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Limiting login attempts shouldn\u2019t be the only measure you take to secure your website. Putting safety first is something you should do when choosing a web host. It\u2019s the reason why it\u2019s usually better to go for that <a href=\"https:\/\/qodeinteractive.com\/themes-list\/\">premium WordPress theme<\/a> than to download who-knows-what and use it to customize your website. And only then should you start thinking about plugins that might help you secure your website.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>A lot of it is up to you, too<\/strong>. 
For example, knowing how to create, store, and use passwords is almost as necessary as knowing how to turn your computer or smartphone on \u2014 you shouldn\u2019t be able to do anything online without having that knowledge.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Here are some of the very basics of password security: [\/vc_column_text][vc_empty_space height=&#8221;23px&#8221;]<ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><strong>Your password should be as long as possible<\/strong>. The longer the better, really, as more characters make it more time consuming to break.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><strong>Use a random combination of letters, characters, numerals, and cases<\/strong>. Avoid using words as they\u2019re susceptible to dictionary attacks. <\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><strong>Don\u2019t tell your password to anyone<\/strong>. People are often the weakest link in a security system. The fewer people know a password, the more secure it is.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><strong>Try to change them reasonably frequently<\/strong>. You don\u2019t need a new password every day. 
A couple of times a year would work great.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><strong>Use a good password manager<\/strong>. A good password manager can help you with everything from generating super-strong passwords to changing them regularly.<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_column_text]After you\u2019ve done all of this, you should expect your password to be reasonably well protected against the bulk of possible threats. All that\u2019s left to do is keep an eye out for new threats, and then take measures against them. [\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\">Let\u2019s Wrap It Up<\/h2>\n<p>[\/vc_column_text][vc_column_text]It\u2019s never a good idea to just let anyone roam around your website\u2019s backend. That\u2019s what we have passwords for \u2014 to help us control access to the critical parts of our websites. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]But the very fact that passwords exist won\u2019t stop bad actors from trying to gain access to your website for their own, often nefarious, reasons. That\u2019s why you need to help your passwords do their job. You can make them strong and varied, and change them often. But you can also put a limit on login attempts on your WordPress website and send a clear message to anyone trying to brute force your website.[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Need to limit login attempts to your WordPress website? 
That&#8217;s a security measure that protects from brute force attacks \u2014 and we&#8217;ll show you how to do it.<\/p>\n","protected":false},"author":9295,"featured_media":9114,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[15,34,4,13],"class_list":["post-9112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-plugins","tag-security","tag-tips","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/9112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/users\/9295"}],"replies":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/comments?post=9112"}],"version-history":[{"count":0,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/9112\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media\/9114"}],"wp:attachment":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media?parent=9112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/categories?post=9112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/tags?post=9112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}