Yesterday I posted an article called “7 Essential WordPress Security Plugins,” which lets you know what WordPress security plugins you need to install to help protect and secure your WordPress installation. One of the security plugins I recommended was “Limit Login Attempts.” Limit Login Attempts is a WordPress plugin that limits the number of login attempts a person can make before being banned. It also allows you to configure e-mail notifications, so you know when a ban happens.
This tutorial will show you how to install and configure Limit Login Attempts, so you don’t have to guess or assume what settings are the best.
How to Install Limit Login Attempts
First, log in to your WordPress installation. When you log in, you’ll be taken to your WordPress dashboard.
Install Through the Administration Panel
On the left-hand side you’ll notice the WordPress side navigation panel. Look for “Plugins,” and hover your mouse over it. The plugins menu will then display, showing you the available options. It’ll look like this:
Next, move your mouse down and click on “Add New.”
You should arrive at a page titled “Install Plugins.” In the search box, search for “Limit Login Attempts,” and then click on “Search Plugins.”
You’ll end up on a page that looks like this:
The first plugin should be Limit Login Attempts. Click on “Install Now” to install the plugin.
You have now successfully installed the plugin and will be taken to a page like this:
Now click on “Activate Plugin” to activate the plugin.
Congrats, you have successfully installed the plugin!
Now if you hover your mouse over the “Settings” menu on the left side navigation, you’ll notice Limit Login Attempts has been added. This is what you will click to configure the plugin. So, let’s click on it.
Manually Installing Limit Login Attempts
If you want to manually install Limit Login Attempts, you can go to the plugin’s WordPress.org profile here and download the plugin. Once downloaded, extract the files and upload them to the plugins directory of your WordPress installation. Click on “Plugins” on the left side navigation and click on “Activate.”
Limit Login Attempts Configuration
Now we will configure Limit Login Attempts using the plugin’s settings page, which is a single page that looks like this:
The configuration of Limit Login Attempts is pretty much done. The only thing I would change is under “Notify on lockout.” There is an option “Email to admin after _ lockouts.” I would check this option and change the amount to 1, as I want to know right away what is happening – who is trying to log in. Here is how the page looks after modifying what I recommend and before you save the changes.
I would not change the initial allowed retries and lockout, because you may forget your password. Four (4) is a good number of attempts, and if you do forget your password and get locked out, 20 minutes is a good amount of time to wait before retrying – it gives you time to think about what your password is.
After the first lockout, keep the number of attempts at four (4), but you can change the amount of time before that lockout expires. At minimum, the lockout should be 24 hours.
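To see what these settings would do against your own traffic, here is an added example (not the plugin's code and not part of the original tutorial) that replays failed logins from a web server access log through a simplified model of the policy above. It assumes a combined-format log, that a POST to wp-login.php answered with 200 is a failed login, and that every lockout after the first lasts 24 hours; the log lines, IP addresses and the names `row`, `failed_logins` and `simulate` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Settings from the tutorial: 4 allowed retries, 20-minute lockout,
# 24-hour lockout after the first one, e-mail the admin after 1 lockout.
RETRIES, NOTIFY_AFTER = 4, 1
SHORT, LONG = timedelta(minutes=20), timedelta(hours=24)
LONG_AFTER = 1  # assumption: lockouts served before the 24-hour one applies

def row(ip, clock, status):
    """Build one constructed access-log line (not real traffic)."""
    return (f'{ip} - - [01/Mar/2024:{clock} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 4521')

SAMPLE_LOG = "\n".join(
    [row("203.0.113.7", f"10:00:0{i}", 200) for i in range(1, 5)]     # 4 failures
    + [row("203.0.113.7", "10:05:00", 200)]                           # during lockout
    + [row("203.0.113.7", f"10:30:0{i}", 200) for i in range(1, 5)]   # 4 more failures
    + [row("198.51.100.9", f"11:00:0{i}", 200) for i in range(1, 3)]  # 2 failures
    + [row("198.51.100.9", "11:00:09", 302)])                         # then success

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (time, ip) for wp-login.php POSTs answered with 200.
    Assumption: 200 = login form shown again (failure), 302 = success."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == "200":
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)

def simulate(events):
    """Return (ip, locked_at, locked_until, notify_admin) for each lockout."""
    state, lockouts = {}, []
    for when, ip in sorted(events):
        s = state.setdefault(ip, {"fails": 0, "until": None, "count": 0})
        if s["until"] and when < s["until"]:
            continue  # still locked out: attempt rejected, not counted
        s["fails"] += 1
        if s["fails"] >= RETRIES:
            s["count"] += 1
            length = SHORT if s["count"] <= LONG_AFTER else LONG
            s["until"], s["fails"] = when + length, 0
            lockouts.append((ip, when, s["until"], s["count"] % NOTIFY_AFTER == 0))
    return lockouts

if __name__ == "__main__":
    for ip, at, until, notify in simulate(failed_logins(SAMPLE_LOG)):
        print(ip, at.time(), "->", until, "email admin" if notify else "")
```

With the sample data, the first address is locked out twice (20 minutes, then 24 hours) and each lockout triggers an e-mail, while the second address never reaches four failures.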
You are done! If you have any questions, don’t hesitate to get in touch with me.