Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
I’ve moved your topic to How-To and Troubleshooting. That Hacks sub-forum is for coding, not this.
I keep getting locked out of my own website admin functionality due to repeated hack login attempts, either by bots or individuals.
Auto lockout failed attempts is not a good idea because it locks out legitimate users. There are 2 solutions.
1. Use a plugin to deal with brute force attacks.
The Jetpack plugin has a Brute Protect option and compares the IP address of the person logging in to a dynamic database of source IP addresses collected from other WordPress installations.
It does more than that but if someone was attempting to log into my site (I use the plugin) and then they went to your site and you activated that option, then they would be blocked from your site as well. It does that without locking our real users.
https://wordpress.org/plugins/jetpack/
There are other plugins.
https://wordpress.org/plugins/search.php?q=brute
2. Enable two factor authentication for critical users.
In addition to Jetpack I also use this plugin.
https://wordpress.org/plugins/two-factor/
I enabled it for my account only using Google Authentication as the primary method and email as the backup. I do not enable that for all users because the first plugin protects them. I did enable it for my admin account because even if my password is somehow intercepted the two factor will prevent them from getting in.
