How to Limit Login Attempts in WordPress

limit login attempts for wordpress

Limit login attempts to increase the security of your website.

WordPress is normally known as a Content Management System that is easy to use, very intuitive and comes with a lot of impressive themes that make it easy for developers to make great and responsive websites within a matter of hours.

But there is a dark side to WordPress, security. In 2016, according to the online security watchdog, threat post, over 1.5 million WordPress websites were hacked because they either had not been secured enough or updated.
One of the best ways you can use to improve your website’s security is installing plugins on that will help limit login attempts to your website. Why do this?

Most hackers work with bots, and these bots try to access your site via the main access point, wp-admin. They do this by trying out a lot of combinations of both the username and password until they eventually crack the code. But before cracking the code, most of those combinations will be wrong and this might be an advantage if the site has a way of blocking IP’s that try to attempt login in by using this method.

Here are some of the plugins that can be used to secure WordPress websites by limiting login attempts and cracking down on IP’s that attempt this method of hacking.

1. Login Lockdown
This plugin was developed solely for this purpose as the name implies. Login lockdown records each IP address and the user that tries login into your site and makes a record of such. It also notes down the timestamps of the login attempts and if the specific IP keeps on putting in wrong login details for a specific time-interval, it will be automatically blocked from accessing the website for a certain time period.

To get Login Lockdown, you need to visit the official WordPress plugin repository and install directly from there or alternatively, you can download it from the site and install it manually on your website.

2. Remember me
The Remember me plugin is an important plugin for securing your WordPress site. Basically, the plugin puts a checkbox on the official WordPress login interface that users will have to check if they don’t want to be kicked out every time they close their browser.

The plugin is effective in the sense that robots are used to hack websites and they cannot check the button. So, if the button is not checked, a logged in user will be kicked out after a certain time interval that you can set according to your own preferences.

To get the plugin, visit the official site or alternatively, you can install it from your dashboard by just searching for it in the plugins section.

3. WP Security Questions
This is another effective plugin that can be used to limit login attempts to your website. This plugin is normally used as a fail-safe mechanism because it introduces a second layer of security to your website.
Let’s say, a hacker successfully cracks the password to your website, they won’t be able to access your dashboard until they successfully answer a set of security questions that you would have created.
The plugin is found in the official WordPress repository.


Having a combination of these three plugins is all it takes to make your site more secure. There are also other excellent security plugins like Wordfence and WP-Security that are both very effective and worth a look.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.