Let’s face it. If your admin account is somehow compromised, you are going to find yourself in big trouble. It does not matter how it happens. Your goal should be to make it as hard as possible for others to mess with your site. You may have not noticed this but people do attack WordPress login pages using malicious script and web bots. Limiting the number of times people can make incorrect attempts on your login page not only stops brute force attacks, it helps you identify IPs that need to be banned.
The good news is you do not have to monitor your login pages by yourself. There are a few plugins that can handle the job well. Here are 5 plugins that enable you to limit the number of login attempts on your site:
Limit Login Attempts: one of the best plugins in this category. It not only monitors the number of incorrect login attempts made, it also locks out people who are being too persistent. It logs IPs so you can ban the ones that deserve to get the hammer.
User Locker: another plugin you can use to keep your site safe against brute force and dictionary attacks. It locks dubious accounts and reduces the number of times people can play with your login page.
Better WP Security: makes your website secure by closing multiple security holes in one shot. It limits admin access to a range of IP addresses. Better WP Security allows you to lock down your site and ban brute force attackers.
Login Lock: gives you the chance to get a better handle on your login area. It enforces strong password policies. It also blocks IP addresses with too many failed login attempts. Login Lock allows you to log out all users and force them to change their passwords.
Hide Login: one of the best ways to reduce the # of incorrect login attempts is by hiding your login page from hackers. Use the “hide mode” to prevent access to wp-login.php. This way you can use custom login URLs for people you know.
Limiting login attempts in WordPress is not the only thing you need to do to secure your website. But it helps stop brute force attacks. Every little anti-hack measure you implement counts in the end.