Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.
The plugin is easy to install and can be used out of the box without reconfiguring the default settings. I've found this is one of the easiest ways to prevent a brute force attack and is a great alternative to other security plugins that alter the wp core. I use this plugin on all my sites.
and after having collected bad ips for a longer time, i will now install http://wordpress.org/extend/plugins/wp-ban/ to ban them
Just install and activate, the default settings are reasonable.
For a long time, this plugin has been proven to prevent WP sites from hack attempts logging in with easy to guess user names and passwords.
The recent massive brute force attacks againts WP should be a sign to consider merging this plugin into WP core
Simple to get running and highly effective. A great security tool for any WordPress site!
Does one thing, good.
Thank you! Works effortlessly.
I installed this after my ISP sent out a message to all the hosting clients that there were repeated Brute Force attempts on all WordPress installations.
I feel a better knowing this is installed.
I just got an email (tip) from Laura Betterly today.
She advised everyone who has a WP installation to get this plugin. Of course, I have been using it on all my installs for many months and as pointed out by nearly everyone on this forum, it works without flaw.
I also agree that it should be part of the WP core but since it's not, it's doing just fine as a standalone plugin.
I highly recommend this plugin for anyone who wants to keep their WP installation safe and as Laura and other here have pointed out, stop using admin as a username.
Doing that in combination with this plugin will thwart 90% of attacks especially by humans.
If their mission is to gain access to your dashboard, they will find themselves in a bit of a box when the obvious admin username try fails.
If you leave the plugin as configured, they will only have 3 more 'at bats' which they will quickly waist and expose themselves as hacker who should be IP banned (I do as soon as I get their IP from the log).
You must log in to submit a review. You can also log in or register using the form near the top of this page.