Worried about hackers gaining access to your WordPress dashboard? One of the ways you can protect your WordPress site is by limiting the number of incorrect login attempts within a short time period. In our Login LockDown review, you’ll find out exactly how this plugin will help to keep your site secure.
Why You Need to Secure WordPress from Hacking Attempts
WordPress is one of the most popular CMSes (content management systems) on the web — it’s used by about 20% of all websites in existence.
It’s a common misconception that its popularity makes WordPress insecure, but its top-notch security features are actually one of the reasons it’s so popular! While it is open source, many developers work on the project to fix bugs and plug any security leaks and loopholes, releasing new patches all the time.
Used correctly, WordPress is secure right out of the box — but that doesn’t mean it can’t use a boost with security plugins.
Using a plugin like Login LockDown will help to provide an extra layer of security, making your site a much more difficult target for hackers.
Could Your Site Be Vulnerable to Brute Force Attacks?
Hackers use many different tricks and techniques to break into WordPress sites. One of the techniques they use is called “brute force” attacking.
A brute force attack is when a hacker attempts to login to your WordPress dashboard by guessing your password over and over again. They often do this automatically using special software in order to guess different passwords as fast as possible.
This is one of the reasons why security experts caution you to not use the default “admin” username, and to use strong, unique passwords. Our free to use random password generator will come pretty handy for this use case. Brute force attacks usually start with the most common, insecure passwords such as “12345,” “password,” or “qwerty.” Unfortunately, there are still many WordPress users around the web who use these insecure passwords, making their sites vulnerable to anyone who tries to guess their password.
For more details on brute force attacks and how to stop them, see How and Why you should Limit Login Attempts in your WordPress.
How Login LockDown Stops Hackers
Login LockDown puts a stop to these brute force attacks by logging the IP address of every person (or bot) who attempts to login to your WordPress dashboard.
If the same IP address (or addresses within the same range) enters the wrong username and/or password repeatedly within a short period of time, they’ll automatically gets blocked from logging in for a certain length of time.
How to Set Up Login LockDown
Login LockDown is free to download from the WordPress.org plugin directory.
Once you’ve installed and activated the plugin, you can navigate to Settings » Login LockDown to customize the plugin settings for your site.
By default, the settings will lock out any IP block after 3 failed login attempts within 5 minutes, with the lock out lasting for 60 minutes. You can adjust all these numbers within the settings.
You can also choose to automatically lock out anyone who enters a username that doesn’t exist.
Another available option is to mask the error messages. For example, if you enter the correct username “admin,” but type in the wrong password, you’ll get the error message: “ERROR: The password you entered for the username admin is incorrect.”
This type of specific error message is undoubtedly helpful to you, but it’s equally helpful to anyone else trying to force their way into your dashboard!
Using Login LockDown, you can choose to hide these error messages and not give any helpful hints to your attackers.
Finally, you can choose to help out the developer by displaying a credit link on your login form.
Login LockDown vs. WordFence Security
If you’ve seen our WordFence Security review, you’re probably wondering what the difference is between the two security plugins, and which one you should use on your own site.
Well, these two plugins actually aren’t a fair comparison because they have different functions. WordFence is meant to be a complete security plugin, giving you many options and features to protect your site.
On the other hand, Login LockDown is a highly specialized plugin that is only meant to protect your site from brute force login attempts.
You can use both plugins at the same time, or you can use Login LockDown with other security plugins as long as there is no code conflict. Since they work in different ways, using both may help keep your site more secure from brute force attacks.
Other Ways to Keep Your Site Secure
Unfortunately, brute force attacks aren’t the only security issue to watch out for when you own a website.
And while WordPress is designed to be secure out of the box, certain user behaviors can render its security features ineffective.
To keep your site safe and secure, be sure to:
- always update to the latest version of WordPress as soon as possible
- change the default username from “admin” to something unique
- use a strong, unique password for every site you use
- consider changing the default database prefix
For more ideas on keeping your site secure, see these 13 Vital Tips and Hacks to Protect Your WordPress Admin Area.
You should also read out the ultimate WordPress security guide for more details.
When it comes to WordPress security, it’s better to be safe than sorry! You might think that you have nothing to worry about, but every site on the web is a target for hackers.
We believe that Login LockDown is a very useful tool to help protect your site from brute force attacks.
While there are other ways your site may be vulnerable, Login LockDown is very good at its job of limiting login attempts from the wrong people.
It’s very easy to use and has just the options you need — nothing too complicated or confusing.
We give Login LockDown 4 out of 5 stars. Here is the breakdown of our review scores: