Support article
Limit login attempts from unauthorized users in WordPress
One of the most-used techniques to hack your website is brute force: trying over and over to get in using usernames and passwords taken from...
One of the most-used techniques to hack your website is brute force. In other words, trying over and over to get into your website using usernames and passwords taken from dictionary words. Surprising as it may seem, this technique yields good results for the attacker.
To counter this threat, you must block any user who fails to log in several times in a row. It’s similar to what bank ATMs do. They give you 3 attempts to enter a credit card’s PIN, and if you fail all three, there are no more options. You should act the same way with your website. After 3 failed attempts, block the attacker’s IP so they can’t access your site.
Whenever you install WordPress, make sure to immediately install a security plugin. We recommend Wordfence.
Once installed, in the options, limit the number of failed access attempts to your admin area. This will prevent your site from being overloaded and from getting hacked through trial and error.
If you need help installing the security module, let us know and one of our technicians will install it for you.