WordPress is one of the most vulnerable platforms when it comes to blogging, as most of the hackers pass through the login page and play with the internal pages and stuff. Sometimes, when you login to your blog’s admin section from a shared computer, the other user might always try to check what’s in, although you have logged out.
When it comes to places where you need to enter your password, you should always be careful and try to make things more secured. For the security of WordPress login pages, you can use this wordpress plugin named Login Lockdown. This is a cool plugin that blocks users from trying to login multiple times with different passwords.
What the plugin does is, that it records the IP address of every failed attempt of login into the wordpress wp-admin section. The timestamp of the failed login is also recorded. If multiple attempts are being done, then the login attempt is then blocked for a certain time frame from that IP range.
Here are the functions that the Login Lockdown options can change –
- Change the number of Maximum login entries
- Retry Time Period Restriction – In Minutes
- Lockout Length – In Minutes – The time for which login can’t be attempted
- Lockout Invalid Usernames?
- Mask Login Errors?
The default time for which the lockout is done, is 1 hour. And the minimum login attempts within a time frame of 5 minutes is 3. All the functions can be changed manually through the Options panel of plugin. The locked out IP address ranges are listed in the options page, and you can choose to release the locked out IP addresses.