How to limit the number of login attempts in WordPress

Another effective security method is to limit the number of login attempts.

You can download a free plugin such as Limit Login Attempts Reloaded.


The options in the plugin are pretty straightforward.

  • Total Lockouts: gives you the number of hackers who tried to break in, but failed.
  • Allowed Retries: the number of attempts an IP address is allowed to make before you lock them out.

Somewhere between four and six is probably the most popular retry amount. It allows real humans who are supposed to have access to make mistakes (because, after all, we all do make mistakes when entering passwords), realize they’re entering the wrong password, and fix their error.

It’s important to keep it between those two values, especially if you have frequent guest bloggers or several contributing staff members responsible for managing your site.

  • Minutes lockout: how long an IP address will be locked out.

You might like to set it to “forever,” but that’s not helpful for people who really do make a genuine error — you want those to be able to let themselves back in eventually. 20-30 minutes is about right.

  • Lockouts increase: because if it’s a Brute Force Attack, it’s likely to be back.

This function basically says, “Look, I’ve seen you lock yourself out several times before, so now I’m going to lock you out for longer.” One day is a good one to go with.

  • Hours until retries: how long until it resets everything and lets people try again.

The plugin also lets you manage your whitelist, blacklist, and trusted IPs.
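
The retry, lockout, increase and reset settings described above can be modelled as a per-IP counter. The following Python model is an added example, not the plugin's own code; the threshold of three lockouts before the one-day lockout, the 12-hour reset, and the sample IP address and timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    allowed_retries: int = 5       # page: four to six is typical
    lockout_minutes: int = 20      # page: 20-30 minutes
    lockouts_before_long: int = 3  # assumption: what counts as "several" lockouts
    long_lockout_hours: int = 24   # page: one day
    reset_hours: int = 12          # assumption: the page gives no value

@dataclass
class IpState:
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0
    last_failure: float = 0.0

class LoginLimiter:
    def __init__(self, policy=None):
        self.policy = policy or Policy()
        self.ips = {}

    def is_locked(self, ip, now):
        state = self.ips.get(ip)
        return state is not None and now < state.locked_until

    def record_failure(self, ip, now):
        """Count one failed login at `now` (seconds); return lockout seconds, 0 if none."""
        p, s = self.policy, self.ips.setdefault(ip, IpState())
        # "Hours until retries": a long quiet period clears the history.
        if now >= s.locked_until and now - s.last_failure >= p.reset_hours * 3600:
            s.failures = s.lockouts = 0
        s.last_failure = now
        s.failures += 1
        if s.failures < p.allowed_retries:
            return 0
        s.failures, s.lockouts = 0, s.lockouts + 1
        # "Lockouts increase": repeat offenders get the long lockout.
        repeat = s.lockouts >= p.lockouts_before_long
        duration = p.long_lockout_hours * 3600 if repeat else p.lockout_minutes * 60
        s.locked_until = now + duration
        return duration

def simulate(times, ip="203.0.113.7", limiter=None):
    """Replay failed logins at constructed timestamps; return one outcome per attempt."""
    limiter = limiter or LoginLimiter()
    outcomes = []
    for t in times:
        if limiter.is_locked(ip, t):
            outcomes.append("blocked")
        else:
            secs = limiter.record_failure(ip, t)
            outcomes.append(f"lockout {secs // 60} min" if secs else "failed")
    return outcomes
```

With these values, `simulate(range(0, 10800, 60))` (one failed login per minute for three hours) lets only 15 of the 180 attempts reach the password check, while `simulate([0, 30])` (a user who mistypes twice) is never locked out.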

