Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.
A US government warning published in April, 2013 states that "WordPress Sites Targeted by Mass Brute-force Botnet Attack" (Cf. http://1.usa.gov/176KLH4).
I have watched these botnet attacks hammer my own blogs for months and I am glad I found the LIMIT LOGIN ATTEMPTS plugin. It seems to help tremendously.
I would, however, like to see a "whitelist" option so that I can separate known, trusted "good" IP addresses from the rest. Once in a blue moon my own cookies get messed up and I cannot log in to a blog. If I forget the password, this plugin blocks me.
To get around that I have to remove the plugin (as a server admin) and then log in to the blog and then reinstall the plugin. I would just prefer to have a whitelist capability.
I do like the way I can extend jail time for bad IP addresses. Being able to change the parameters helps to block further attempts from new addresses that get out of jail before I can block them in my firewall or .htaccess files.
Another nice feature to have would be an EXPORT function. The botnets can be so aggressive that you compile thousands of IP addresses in a short time under a sustained brute force attack. Trying to capture all that data with standard COPY-AND-PASTE is tedious. I need to analyze the IP addresses in a spreadsheet so I can find patterns.
It's an essential plugin if you want security in your WordPress.
Works like a champ. No extra fancy stuff, just does the job. Period.
It locks out about 800 brute-force attacks per day, an absolute essential tool.
No problems found so far. Thanks a lot for this plugin!
This plugin needs to allow users to exclude their own personal IPs so that they will never be locked out of their own WP site.
Also, I've found that the plugin recently has started locking me out on my own PC after a single failed login instead of the five attempts I've configured. It's quite frustrating.
It will be great if there is a field to compose a custom email message.
I have 3 blogs hosted and when an alert comes it becomes difficult to find out which blog breached the login attempt.
I have to log in to all 4 blogs to check.
Hope this makes sense.
This is one of the first plugins you should install and activate. Since installing it on a WordPress installation I haven't even begun using yet, this plugin has blocked nearly 600 attempts to brute force my site. Not only does it lock them out, but also records the IP address and lets me see what user accounts are being targeted. This is definitely a security tool that should be in every WordPress admin's arsenal.
I also highly recommend the "Google Authenticator" app to work alongside this one.
Folks, this plugin is really awesome!!! I am using it on my website and so far so good, hits with invalid login attempts are reduced!!!
I was surprised how many invalid login attempts happened on my blog, even though it is far from being super successful so far.
It is scary to see how many people will try to get to it anyway.
This plugin is a great deterrent.
While it's quite boring sorting your site's security out, it's also quite important. After putting off the job for a long time, I ended up installing this plugin on my site, since which time it's warded off a worryingly high number of attacks! I am going to take security much more seriously in the future, but this is definitely a step in the right direction.