Skip to content
Help Center

Limit login attempts to block unauthorised users in WordPress

One of the most common techniques used to hack websites is brute force. To counter this threat, you must block any user who fails login multiple times in a row.

One of the most common techniques used to hack websites is brute force — that is, repeatedly trying to log in with usernames and passwords taken from dictionary word lists. As surprising as it may seem, this technique yields good results for attackers.

To counter this threat, you must block any user who fails login multiple times in a row. It is similar to what ATMs do. They give you 3 chances to enter your PIN, and if you fail all three, no more attempts are allowed. You should do the same with your website. After 3 failed attempts, block the attacker's IP address so they cannot access your site.

Whenever you install WordPress, make sure to immediately install a security plugin. We recommend Wordfence.

Once installed, configure the options to limit the number of failed login attempts to your admin area. This will prevent your site from being overloaded and protect it from being hacked through trial and error.

If you need help installing the security module, let us know and one of our technicians will install it for you.