Skip to Main Content

How and why you should limit connection attempts on WordPress

Divi: the easiest WordPress theme to use

Divi: The best WordPress theme of all time!

With over 901.000 downloads, Divi is the most popular WordPress theme in the world. It is complete, easy to use and comes with more than 62 free templates. [Recommended]

Since time, hackers have tried to hack WordPress sites in several ways and one of the most popular methods is guessing passwords. By default, WordPress does not prevent users from making multiple attempts to log in. For hackers, trying to guess the passwords is still called " Attack by brute force" page (in French).

However, on WordPress, you can add security measures for your blog. In this tutorial, I will show you how to limit the number of login attempts on your blog, while explaining why you should do it.


Why do you need to limit the number of connection attempts

By default, WordPress allows users to enter a password as many times as they want. Hackers take advantage of this measure to set up automated scripts that enter several combinations of different words as passwords until the correct password is found.

To prevent this, you should limit the number of login attempts per user. For example, you can configure your blog so that after 5 attempts the user is blocked for a while.

If a person tries more than 5 times, then his IP address may be blocked for a period of time (all this according to your settings). You can configure blocking and limit it to 5 minutes, 15 minutes or even a day.

Easily create your website with Elementor

Elementor allows you to easily create any website design with a professional look. Stop paying expensive for what you can do yourself. [Free]


How to limit login attempts on WordPress?

The first thing to do is to install and activate the plugin " Login LockDown". After activating the plugin, visit the location " Settings> Login LockDown“, To configure the plugin.


To begin, you can set the number of attempts that can be made. After that, you can choose the period during which users will not be able to log in again (the concerned user).

This plugin will allow users to try even usernames that don't exist. To prevent this behavior, you can click "Yes" for the option " Lockout invalid username?". Remember to configure the number of minutes an IP address will be blocked by modifying the value of the " Lockout Length (Minutes)" page (in French).

Also by default, WordPress notifies users when they enter an invalid username or password. You can hide this notification by clicking on "Yes" for the option " Mast login Errors" page (in French).

Don't forget to update your settings.

Last recommendation

The first layer of protection on your blog is your password. You should consider using a strong password for your WordPress blog. It's clear that strong passwords are often difficult to remember, but it's essential to keep your blog safe.

As the owner of a multi-author blog, you can require the use of a strong password, using the plugin Force Strong Password.

If your blog is recent, it's very likely that few hackers are so interested, especially if they don't find it of real interest. However, you must avoid the worst by doing everything you can not to lose your blog. For example, you can make regular backups of your blog.

That's all for this tutorial, feel free to share it with your friends on your favorite social networks.

This article features 0 comments

Leave a comment

Your email address will not be published. Required fields are marked with *

This site uses Akismet to reduce unwanted. Learn more about how your comments data is used.

Back To Top