Let’s face it; no website is totally safe from hackers, but, that doesn’t mean we cannot do a thing about it, one thing you can do is limiting WordPress login attempts.

WordPress limit logins

The security of your website should be one of the top items on your list.

It is embarrassing and expensive in time, cost, and reputation when a hacker hacks his way into our website compromising user data or defacing the site itself.

That is why in your arsenal of security practices, there has to be a way of stopping or at least preventing some hacker like actions that look like brute-force attacks.

These attacks take advantage of the default WordPress system. WordPress by default allows unrestricted attempts at logging into the website.

If someone has enough time, they can guess any password, with the high-performance gear hackers use, guessing weak passwords wouldn’t take them that long.

That is why it is a good practice as a website owner or administrator to set in place policies that restrict the attempts individuals have at trying to gain access to your website by limiting WordPress login attempts.

Yes, it may be a legitimate inconvenience to users who genuinely forget their passwords, but, it’s not comparable to the loss of a hack. For such users, a password recovery means would help them.

So how do you limit WordPress login attempts?

It is actually easy to do, using a WordPress security or firewall plugin.

Almost every security plugin you will get your hands on enables you to limit WordPress login attempts.

In this article we shall walk you through one plugin, that is built just to limit WordPress login attempts.

How to Set up WordPress Limit Login Attempts?

Installing Limit Login Attempts Reloaded plugin

Log in to your WordPress website then go to the plugin section and click Add new.

Add plugin in WordPress

In the search box, enter, “Limit Login Attempts Reloaded.

In the search results, you should see – Limit Login Attempts Reloaded – click Install Now and wait for a second or two and then click Activate.

Install Limit Login Attempts Reloaded plugin

Note: If you downloaded the plugin files from WordPress.org, then click the Upload Plugin button.

Configuring Limit Login Attempts Reloaded

Go to Settings; Limit Login Attempts.

Limit login settings

On the settings page, the important area to look at is the Lockout.

Set the allowed

  • Lockout entries – the total number of attempts before a user is locked out of the site.
  • Minutes lockout – how long a user is locked out before they can attempt logging in again
  • Lockouts increase l lockout time – after a certain number of lockouts, increase the lockout time to how many hours
  • Hours until retries are reset.

Limit login settings 1

Specify these units according to your desire, then if you want to receive notifications on any lockouts, check the option and provide the email address to which the notices are sent.

That is pretty much all you need to do to limit WordPress login attempts with Limit Login Attempts Reloaded WordPress plugin.

However, for completeness and for what more you get with the plugin you can scroll down and add IP addresses to the:

  • Whitelist (users who log in from these IP addresses will not get locked out no matter the failed attempts – you could probably add your IP address here.)
  • Blacklist – users who try to login using an IP address in this list are automatically locked out.

Limit login settings whitelist and blacklist

Don’t forget to save your settings, Click the Save options button.

Whitelist your public IP address

Note: If you want to test that the plugin is working, first add your public IP address to the whitelist.

Since we are talking about security, hacking prevention in particular, it worth mentioning that these are best practices, at the very best they prevent a lazy hacker or bot from getting into your websites, however, the sad truth and reality is that you aren’t entirely safe from hacks.

Give a hacker(s) good motive any system gets penetrated.

That is why on top of any business continuity plan, there should be data protection and system or process to limit downtime on the unfortunate event of a hack.

WPvivid 3-in-1 backup plugin is a powerful, lightweight WordPress backup and website migration plugin.

Save a local copy of your entire website, or securely store it on the cloud with Google, Amazon, Dropbox, and many other top tier cloud storage providers.

Final Thoughts

in the beginning, I mentioned you could use any security or firewall plugin to limit WordPress login attempts.

Limit Login Attempts Reloaded only limits WordPress login attempts; however, with security or firewall plugins you can do a lot more to secure your website.

You can take a look at this one.

iThemes security – formerly Better WordPress Security.

And loads more are available on our picks for top 8 WordPress firewall plugins.

The security of your website should have your attention; limiting WordPress login attempts is one easy to get started.

In this article, we used Limit Login Attempts Reloaded, if all you need is to limit WordPress login limits on your website, then this is a very easy to use plugin as we have demonstrated that you deploy on your WordPress website today.

At the center of any security conscious administrators tasks is a concern for business continuity; this is only guaranteed with a data backup and data recovery system in place – a contingency when there is a necessity.

If you have any questions or just curious more about security, then let us know in the comments section below.

You may also want to add two factor authentication (2FA) in WordPress to enhance your site security.