It’s important to secure your WordPress website from unauthorised access. Everyone who has used WordPress before is aware that the login page is located at www.yoursite.com/wp-login.php (www.yoursite.com/wp-admin/ redirects to this page if you aren’t signed in), so it isn’t difficult for people with less than good intentions to gain access to your website, particularly if you haven’t changed your username from admin.
Today I would like to share with you one of my favourite security plugins for WordPress, a plugin that I install on all of my websites. Login Lockdown by Michael VanDeMar limits the number of login attempts from a given IP range over a set period of time.
You may have come across the plugin before. Websites that are using it usually have a link at the bottom of the login page informing you that the site in question is protected (I say ‘usually’ as some website owners may manually remove this link).
The IP address of everyone who tries to log in to your website is logged. If a user enters incorrect login information more than a set number of times (e.g. 3 or 5), they will be ‘locked out’ and will not be able to log in again for a set period of time. The length of time that they are locked out can be adjusted from the plugin settings area.
The default setup is a 1 hour lockout after 3 failed login attempts within 5 minutes. If you want to discourage unauthorised entry even more, you should increase the lockout time from 1 hour to, for example, 24 hours. You need to remember, though, that legitimate users frequently forget their username and/or password, so setting the lockout time too high will frustrate your website members. This is obviously not something to be concerned about if you or your staff are the only ones who should have access to your site, though sites that require users to sign in to comment etc. should take this into consideration.
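The lockout rule described above, modelled in Python as an added example; it is not the plugin's own code. The class and function names, the treatment of an "IP range" as an IPv4 /24, and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

class LockoutPolicy:
    """Model of the policy: max_retries failures inside window_s lock the range."""
    def __init__(self, max_retries=3, window_s=5 * 60, lockout_s=60 * 60, prefix=24):
        self.max_retries, self.window_s = max_retries, window_s
        self.lockout_s, self.prefix = lockout_s, prefix
        self.failures = defaultdict(deque)  # range -> times of recent failures
        self.locked_until = {}              # range -> time the lockout ends

    def _range(self, ip):
        # Assumption: "IP range" is modelled as the enclosing IPv4 /24.
        return str(ip_network(f"{ip}/{self.prefix}", strict=False))

    def attempt(self, ip, password_ok, now):
        """Record one login attempt; return 'ok', 'failed' or 'locked'."""
        key = self._range(ip)
        if now < self.locked_until.get(key, 0):
            return "locked"  # refused even if the password is correct
        if password_ok:
            return "ok"
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window_s:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_retries:
            self.locked_until[key] = now + self.lockout_s
            recent.clear()
            return "locked"
        return "failed"

# Constructed sample events: (seconds since start, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False),
    (60, "203.0.113.7", False),
    (120, "203.0.113.7", False),    # third failure in 5 minutes: range locked
    (600, "203.0.113.99", True),    # same /24, correct password, still refused
    (900, "198.51.100.4", False),   # a member mistyping their password
    (960, "198.51.100.4", False),
    (1400, "198.51.100.4", False),  # earlier failures have aged out: no lockout
    (3800, "203.0.113.99", True),   # the 1 hour lockout has expired
]

def replay(events, **settings):
    """Run the events through a fresh policy and return each outcome in order."""
    policy = LockoutPolicy(**settings)
    return [policy.attempt(ip, ok, t) for t, ip, ok in events]

print(replay(EVENTS))
```

Calling `replay(EVENTS, lockout_s=24 * 60 * 60)` shows the cost of a 24 hour lockout: the final, legitimate login from the same range is still refused.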
You can also lock out those who try to log in with invalid usernames, and mask login errors. At the bottom of the plugin settings page you will see a list of all the people who are currently locked out. This is a quick and easy way of monitoring unauthorised login attempts on your site.
I encourage you all to give Login Lockdown a try. It’s free to download and only takes seconds to set up, so you have nothing to lose :)