2 Easy Steps To Limit Login Attempts In WordPress Websites

Many people convert HTML site to WordPress or move from other formats to acquire a versatile interface. The open-source CMS is a popular choice for users ranging from bloggers to e-commerce operators. However, such people must know how to limit login attempts in WordPress interfaces. This will protect them from attacks and prevent sensitive information from breaching. Many people try to avoid this problem by hiding their login pages. This is not a viable solution for many owners like those running online stores or membership websites. Putting a cap on the login tries remains the best and most effective security measure for them. Let’s see how this vital safety feature can be activated on WordPress interfaces.

Why Is It Necessary To Limit Login Attempts?

Some people reading this article must be wondering whether they really need this feature. WordPress is an open-source platform which makes it an attractive target for unscrupulous elements. Even if an interface does not contain sensitive user data, it makes sense to incorporate the safety measure in it. The following reasons make it necessary to have restricted login tries:

1. Default WordPress Feature Is Insufficient

The CMS by default lets people try to log in as many times as they want. This is not a good feature at all as unethical users may try to exploit it to gain entry into other people’s accounts. Putting a cap on the chances can help prevent such situations.

2. Preventing Hacking Attacks

Having a restriction in place will stop humans as well as bots from making repeated attempts to crack websites. Hackers use automated bots who test numerous username-password combinations for breaking into interfaces. Locking down websites will stop robots from carrying out attacks.

3. Protecting Critical User Information

Interfaces such as virtual stores and membership websites encourage people to register with them and save payment details. This helps subscribers in easily accessing the platform and making transactions in the future. Such websites are prime targets of cyber-criminals. This makes it essential for these portals to employ this simple but effective safety measure.

4. Assures Legitimate Users

Legitimates users will hardly need to make more than a couple of tries to gain entry to interfaces. Even if they make a mistake, they will rectify it in the next attempt. However, subscribers need to be assured that the interface with which they are sharing personal data is a secure platform. Having this kind of restriction in place will help in mitigating their fears.

How WordPress Users Can Limit Login Attempts?

The following simple procedure can be used to limit login attempts in WordPress websites:

Step 1: Install A Plugin

Plugins allow WordPress users to easily add the desired feature to their interfaces. The large development community which supports the platform ensures that people easily find a plugin which fulfills their requirement. In this tutorial, we are using the Limit Login Attempts Reloaded plugin to restrict login chances. It is an open source software which means it is available for free. It is an efficient product with a 5-star rating on the platform’s plugin store. The tool blocks an IP address after it has exhausted the specified chances of logging in. it is a GDPR- compliant solution which hashes up all the logged IPs. This ensures the safety of personal user data.
Access the admin dashboard of your website installation and go to “Plugins > Add new”. Type the name of the tool in the search field. Locate it in the search results and click on it to download its files. Once the installation is completed successfully, activate it on your interface. The tool will start working immediately. If you visit the login area, you can see the specified number of attempts listed.
Limit Login Attempts In WordPress Websites

Step 2: Configure The Settings

You must configure the settings to customize the tool according to your requirements. Go back to the dashboard and access “Settings”. Locate the plugin and click on it. The screen that now opens will help you in making the configurations. In the “Statistics” section, the first field is “Total lockouts”. This tells the number of lockouts that have occurred to date on the website. Below it, you will find a section called “Options”. This is where you can make the necessary modifications. In the “Lockout” option choose the number of retries that a subscriber can have. Set the duration for locking out users when they unsuccessfully exhaust all the specified attempts. You can also choose to enable the GDPR-compliance setting.
Limit Login Attempts In WordPress Websites
Scroll down to locate two sections called Whitelist and Blacklist. Entering IPs or usernames in the Blacklist will permanently lock out such users. On the other hand, those put in the Whitelist category will never be locked out of the website. Save all the changes and the safety feature will be incorporated in your interface.
Limit Login Attempts In WordPress Websites


It is essential for website owners to know about the methods to limit login attempts in WordPress. The security measure helps them in protecting the reputation of their interfaces by preventing brute-force attacks.

About Author:

Brandon graves is a WordPress expert by profession and He works for a convert website to wordpress theme company – HireWPGeeks Ltd. He uses to write useful tutorials on WordPress and socialize it different social media platforms.
Also Read :- The Best-Managed WordPress Hosting Provider Of 2019 

Leave a Reply