Thursday, April 16, 2020

WordPress Limit Login Attempts How to Do It (Easy Free)

While WordPress itself is a secure platform, this doesn’t make your site immune to break-ins. One of the most common attacks is human or bot hackers trying to force their way through your login page by trying various username and password combinations until something works. To keep them from succeeding, you can use a WordPress limit login attempts plugin.By default, people can continuously try to log into your site, with no restrictions on attempts. However, most legitimate users won’t need more than a few tries (at most). Therefore, you can limit the number of login attempts made from a specific IP address in a set amount of time. Any user who goes over the limit can be temporarily or permanently locked out, as a safety precaution.In this post, we’re going to show you how to set the feature up using a free WordPress limit login attempts plugin. Then, well share some of the pros and cons of this approach. Let’s get to work! 100% free.Popular active on ove r 700,000 sites, according to WordPress.org.Well-rated a 4.9-star rating (out of 5).Easy to use. Limit Login Attempts Reloaded Author(s): WPChefCurrent Version: 2.9.0Last Updated: June 12, 2019limit-login-attempts-reloaded.2.9.0.zip 96%Ratings 2,341,651Downloads WP 3.0+Requires While the plugin is easy to use at a basic level (it starts working as soon as you activate it), it also boasts a variety of configuration options, including some handy extras (such as the ability to whitelist or blacklist both IPs and usernames).To get started, install and activate the Limit Login Attempts Reloaded plugin at your WordPress site.  If youre not sure how to install a WordPress plugin, check out our guide here.Step 2: Customize the plugin’s settingsAs soon as you activate the plugin, it starts working right away. By default, users get four guesses before the plugin locks them out:However, the plugin also provides a settings area where you can modify how this functionality works. To access this area, go to Settings Limit Login Attempts:In the Statistics  section, you can find details about how many ‘lockouts’ have occurred due to the plugin. This will be empty right now, but you can check back later to see how many potential brute force attempts the plugin has halted.Then, under Options, you can customize how the lockout system works. This includes deciding how many guesses the plugin will allow, the length of time users will be locked out for, and more. You can even enable a GDPR-compliance setting, which will obfuscate all recorded IPs for privacy reasons.Scrolling down a bit, you’ll also find sections labeled Whitelist and Blacklist:Here, you can enter specific IPs and/or usernames. If you add a user to the whitelist, they’ll be able to log into your site as many times as they’d like, and won’t have to worry about getting locked out.Adding someone to the blacklist, on the other hand, will permanently lock them o ut. The latter option is handy if you see a lot of suspicious activity coming from one or more specific IP addresses.Don’t forget to save your changes to this page when you’re done configuring the settings. That’s all you need to do to limit login attempts in WordPress!Should you limit login attempts on your website?At this point, you know how to set up a WordPress limit login attempts plugin on your site. However, you may be wondering if this is a necessary step for all WordPress users.Not all  security techniques  are right for every website, and this one does have both potential advantages and drawbacks. First, let’s look at the benefits of limiting login attempts:It prevents humans and automated bots from being able to try hundreds (or thousands) of username/password combinations, until they hit on the right one.A temporary lockout is often enough to deter an attack, as the hacker or bot will simply move on to the next likely target.Most of your l egitimate users will only need a single login attempt, or perhaps a few if they forget or mistype their credentials.In a 2016 survey from Wordfence, brute force attacks were the second most popular known type of attack, which illustrates that a limit login attempts plugin is indeed protecting you from a real attack vector.On the other hand, the possible cons include:Adding a plugin to your site. While WordPress limit login attempts plugins are very lightweight, this can put off site owners who want to keep their plugin counts down (for security or performance reasons).Legitimate users who forget their passwords or make multiple login attempts for some other reason can still get locked out, which is an inconvenience.The second drawback can be alleviated in a number of ways. You can make sure to display the number of login attempts remaining, for example, which will keep users from getting caught off guard:You can also keep the lockout time relatively short. In addition, you can add t rusted users to your whitelist, so they don’t need to worry about tripping the system.Ultimately, while this isnt a mandatory security feature, it’s a smart addition for nearly any site. As long as you don’t mind spending a few minutes setting up and configuring an extra plugin, you’ll be taking an important step towards keeping malicious users out of your site’s back end.ConclusionBrute force attacks are a common attack vector for hackers, and WordPress sites are often favored targets (thanks to the platform’s popularity). Fortunately, thwarting these attacks is relatively simple. All you need to do is prevent hackers and bots from being able to make lots of consecutive login attempts.In order to limit login attempts on your WordPress site, you can follow two simple steps:Install a dedicated plugin, such as Limit Login Attempts Reloaded.Configure the plugin’s settings, and let it do its job. Protect your #WordPress site from brute fo rce attacks with a limit login attempts #plugin Click To Tweet Do you have any questions about using a WordPress limit login attempts plugin? Ask us in the comments section below!Free guide5 Essential Tips to Speed Up Your WordPress SiteReduce your loading time by even 50-80% just by following simple tips.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.