Protecting your login form from brute force attacks is an important part of any site security configuration. In this tutorial I’m going to walk you through setting up a lightweight plugin that will protect your site.
Log in to your WordPress Dashboard.
In the left navigation hover over Plugins and click on Add New.
In the plugin search box type in “loginizer”.
This is the plugin we are looking for. It has over one million active downloads and a ton of 5-star reviews.
Click the Install Now button and, in a moment, when it changes to a blue Activate button, click on that.
After it activates you’ll be taken to the Plugins page where you can see that Loginizer is now active.
You’re technically done now but let’s take a quick look at the Brute Force settings for this plugin.
In the left navigation hover over Loginizer Security and click on Brute Force.
At the top of the page is a list of all failed login attempts over the past 24 hours. This information can be helpful if your site is getting attacked.
The next panel down is where you can configure:
- The number of attempts that a user gets before getting a Standard Lockout
- How long the Standard Lockout lasts
- How many Standard Lockouts before a user gets an Extended Lockout
- How long an Extended Lockout lasts
- How long before the number of tries should be reset
I usually leave all of these at their defaults except Max Retries, which I often set to 4 or 5 just so regular users have a chance to remember their password.
If you’ve made any changes save the page by clicking the blue Save Settings button.
You can now log out and try logging in to your site with bad credentials. If you trigger a lockout you will be locked out for the amount of time you set, so be careful!
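How the five settings in the Brute Force panel interact, as an added sketch that is not Loginizer's code or part of the original tutorial: a generic retry and lockout model in Python. The field names, every timing value other than a Max Retries of 4, and the rule that a successful login clears the retry count are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    # Hypothetical names for the five settings in the panel.
    max_retries: int = 4        # the tutorial suggests 4 or 5
    lockout_secs: int = 900     # constructed value
    max_lockouts: int = 2       # constructed value
    extended_secs: int = 86400  # constructed value
    reset_secs: int = 86400     # constructed value

@dataclass
class State:
    failures: int = 0
    lockouts: int = 0
    last_failure: Optional[float] = None
    locked_until: float = 0.0

class Throttle:
    def __init__(self, policy: Policy):
        self.policy, self.clients = policy, {}

    def attempt(self, ip: str, password_ok: bool, now: float) -> str:
        p, s = self.policy, self.clients.setdefault(ip, State())
        if now < s.locked_until:
            return "locked"                  # refused before any password check
        if s.last_failure is not None and now - s.last_failure >= p.reset_secs:
            s.failures = s.lockouts = 0      # quiet long enough: counters reset
        if password_ok:
            s.failures = 0                   # assumption: success clears retries
            return "ok"
        s.failures, s.last_failure = s.failures + 1, now
        if s.failures < p.max_retries:
            return "failed"
        s.failures, s.lockouts = 0, s.lockouts + 1
        if s.lockouts >= p.max_lockouts:     # repeat offender: extended lockout
            s.lockouts, s.locked_until = 0, now + p.extended_secs
            return "extended_lockout"
        s.locked_until = now + p.lockout_secs
        return "lockout"

def replay(events, policy=None):
    """Replay constructed (ip, password_ok, time) events; return the outcomes."""
    t = Throttle(policy or Policy())
    return [t.attempt(ip, ok, now) for ip, ok, now in events]

# Constructed sample: one address from a documentation range failing repeatedly.
SAMPLE = [("203.0.113.7", False, t)
          for t in (0, 10, 20, 30, 40, 930, 940, 950, 960, 1000)]
```

In this model the fourth consecutive failure is the one that triggers the lockout, and any attempt made while a lockout is active is refused without being counted.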
I hope you found this quick tutorial helpful. Watch the video if the written directions were a little confusing. Some things are easier to understand when seen. 🙂