How to Protect your Blog from Hackers by using Limited Login Attempts Plugin for WordPress

If you haven’t already come across the Limited Login Plugin for WordPress then allow me to share it with you. This plugin is an absolute godsend, and for me one of the most essential plugins to have in your arsenal of plugins as far as I’m concerned and here’s why…

Over the recent of months I’ve paying close attention to IP’s and login activity and failed attempts made on Magnet4Marketing all thanks to this clever plugin. I already have a list of the genuine IP’s, mainly my guest writers that I keep in my log file on my desktop, just for my own records so that I don’t confuse them with hackers.

Anyway the Limited Login Attempt plugin for WordPress is a great plugin. It works straight out of the box, plug and play style and offers the avid WordPress user some cool options for setting up a security feature in the WordPress admin or contributor login area.

Let’s take a look at some of the options –

LLA Options

Statistics – The stats displays the number of limited login attempts made since the last reset.

The options are pretty much self-explanatory, and perhaps the coolest option is the allowed retries. Be very careful with this when configuring your settings, ensure you enter your own password carefully when logging in, last week I had the joy of having to wait 24-hours to log back into my blog from the result of entering my password incorrectly three times… my fault really as I set the lock out duration to 24-hours. :)

Another great feature of this plugin is the site connection IP and IP log.

You can see your own IP in the site connection area, and in the IP log area you’ll be able to access the list of IP’s that has attempted to log into your blog with incorrect login details and therefore reached your lockout limit.

You can set the lock out duration to anything you want from 1 hour to let’s say a week… but I’m sure you wouldn’t want to go to that extreme :)

What to do if someone is persistent in trying to log into your blog.

What you can do with the IP’s in the IP log is, if they continue to bombard your blog with failed login attempts and inevitably get locked out, is to actually block those IP’s from access your blog altogether by adding them to your IP Deny Manager file in your web hosting cPanel. Once added you will begin to see less and less of those unwanted forum spammers trying to hack into your blog, take action now to add some extra security to your blog, download the plugin here it’s completely free, enjoy.

About Fabrizio Van Marciano

Fabrizio Van Marciano is the founder and editor of Magnet4Marketing Blogging and Online Business Tips. You can learn more about him here and follow him on -
Google+ | Twitter | Facebook | LinkedIn | Personal Blog

  • Raj

    I am sure this is a very useful service, and will keep amateurs out. But professional hackers can change their IP address very frequently. Anyway, the restriction on the maximum login attempts would be very helpful because mostly its automated bots that circle around doing such tasks.

  • Samantha Wright

    You’re right Raj, I realise that there are those out there that know what they’re doing to try and exploit and destroy our hard work, but essentially this plugin is a useful deterrent hopefully. That combined with, always keeping your version of WordPress and theme updated and having a solid internet security in force should help keep things tight. I know there are lots’ of other things one can do to secure their WordPress sites further.

  • Kevin Dorival@SEO Services, SEO Fort Lauderdale, Affordable SEO

    I wish that it was that easy because our site got hacked multiple times. The best route we figured was to keep our site updated by keeping our plugins up to date. Along with keeping the WordPress version up to date as well. This has worked out well with our boastingbiz site.

    • Fabrizio Van Marciano

      Keeping everything up to date including the theme and plugins is something that every webmaster, blogger should be doing in any case :)

  • SEO and Social Media Blog

    Nice little plugin, but i’ve never had any problems with that, why don’t you just keep registration off? And i agree with the earlier comment, hackers surely change their ip’s many times per day! Thanks for sweet post, i will kep that in mind if i ever have that problem! :-) Cheers

    • Fabrizio Van Marciano

      Thanks for dropping by, I have always had registration turned off but it doesn’t stop login attempts from happening. During the month of November there were 24 lockouts and many of the IP’s which I’ve now blocked have not come back on a different IP so I imagine those amateurs aren’t really bothered with changing their IP’s, I think they’re just out and about hoping to get an opportunity. The plugin nevertheless is sweet; at least the limited login and retry delay will help to deter further or consistent attempts.

  • Mark Nett

    IP block may work upto some extent only.Talented hackers go beyond that.For me registration should be turned off & WordPress should be updated to the latest version& install only the plugins that are tried & tested & free of security holes.

  • Cristina Ansbjerg

    Thanks for this post. I already had the plugin installed and working but I didn’t know I could block IP’s from Cpanel. I was trying to edit my htaccess (since the hackers trying to break in my sites are using the same 5 IP’s all the time). But I got 403 error all the time.
    Blocking IP’s from the Cpanel is much easier.

    Thank you very much!

    • Fabrizio Van Marciano

      Hey Christina, yeah this method is much simpler for me to as I’m not savvy enough to start playing around with my htaccess lol