How and Why You Should Limit Login Attempts to Your WordPress Dashboard

This article explains how and why you should limit the number of login attempts to your WordPress Dashboard. It’s all to do with protecting your site from brute force attacks.

There are no user login restrictions by default. That means you can try as many times as you want if you forget your username and password. It sounds convenient, but it’s a bad idea. Why? Because hackers exploit this exhaustive search vulnerability to gain access using special password-cracking tools.

Hackers and Brute-Force Attacks

Hackers love to take advantage of WordPress Websites that allow brute-force attacks. They have unlimited trial and error time to crack passwords using cryptographic hacks. It’s not hard work for these black hatters today as they use automated tools.

Brute-force attacks can take a while depending on the length and strength of a password. Hacking programs can check all possible combinations of characters at ultra-high-speed. There’s nothing for the crook to do other than wait once he or she sets the hack in motion. The way to stop these attacks is to restrict the number of login attempts to your WP Dashboard.

What’s In it for Hackers?

Too many inexperienced webmasters don’t take website security seriously. They think their site offers little or no interest to hackers and is therefore safe from attacks. This line of thinking is wrong. Most hackers are opportunists. They do what they do just for kicks, to disrupt, to steal, or to make money off the back of your efforts (see below). Being hacked is no fun at any level.

The hacker’s mindset

Those who attempt to gain unauthorised access to websites want it to be easy. That’s why they target weak logins, so every vulnerable site is at risk. It pays to know a little of the hacker’s mindset and intentions. This way, you’re sure to view site security in a much healthier light.

Here are the 7 reasons why hackers hack:

  1. It’s fun, a challenge, a thrill (mostly young trainee hackers in the making)
  2. Profit from spam ads placed across the hacked website
  3. Reroute your traffic to commissioned ad sites
  4. Infect sites with spyware (malware) to sell traffic data to advertisers
  5. Steal personal data stored on the target site
  6. Hijack the site for malicious activity purposes
  7. Disrupt the reputation of the site and or its owner

That last point is often the result of unfriendly competition paying bad actors. Poor losers want you out of the way so they can step in steal your traffic and business.

Limiting Login Attempts Protects WordPress

Contrary to popular belief, most hackers don’t want a tough challenge. Those who breach the cybersecurity of governments or large corporations are a minority. The majority, though, are online criminals. They want an easy life, just like trespassers and house burglars in the real world. Limiting WordPress login attempts is an effective way to discourage cyber crooks.

Limit WordPress Login Attempts with Loginizer

The rest of this piece shows how to limit WordPress login attempts with a plugin. The one used to illustrate is Loginizer by Softaculous. It has over 1M active installations and a 4.8-star rating.

In your WordPress Dashboard, choose Plugins and Add New from the side menu.

Type Loginizer into the search box. WordPress will deliver several options, but the one you want should be the first on the left (see next). Click its Install Now button.

The Install Now button should change to Activate after a few seconds. Click it.

You have successfully installed and activated the Loginizer plugin.

From the Dashboard menu, select Loginizer Security, then Brute Force.

The next screen is where you get to set the number of failed attempts before the lockout. You can also control the lockout time in minutes, and receive email notifications of hack attempts.

Here’s a snapshot of the Brute Force Settings page.

There are more control options you can enable further down. They include Blacklist IP, Whitelist IP, and custom Error Message sections. It’s all quite straightforward.

Loginizer Security offers more than just Brute Force Security. Check out its other protection features in the menu used to improve website security.

Loginizer Security Menu:

Closing Comments

There are no good reasons not to limit the number of failed login attempts to the WordPress Dashboard. The simple plugin used here gives you plenty of free tools to do this along with a few other security hacks. Other plugins offer protection against Brute Force Attacks, so feel free to explore your options.

Want to Learn WordPress?

WordPress is an amazing platform for building any type of website.   It’s used by large corporations and small mom & pop sites.

You may also like


Leave a Comment

Your email address will not be published. Required fields are marked *

Hello, I'm
Andy Williams!

You can get up to 90% off my Online Courses for webmasters, marketers & affiliates (plus a free course on Gutenberg).

Create your own WordPress Theme

It's built in to WordPress using Gutenberg, and my new course shows you how.