Webfiki Security Tip #1:
Limit Login Attempts

This is the first post in a series of short articles that we will be releasing aimed at giving small business owners quick and effective ways to drastically improve the security of their WordPress website.

The first of these articles will focus on the metaphorical front-door of your website, also known as…your login page!

wordpress login page example
In particular, we will be outlining a few simple ways in which you can transform your front door from the WordPress default, which in door terms is basically a piece of plywood with a big ‘X’ on it, to something that is strong, sturdy and hard to find.

Our articles will be based around the three pieces of information that a hacker needs to gain entry to the dashboard of your website. These are:

1) Your username

2) Your password; and

3) The location of your login page

The First Issue

By default, WordPress allows unlimited attempts to login to your website. This makes WordPress sites particularly susceptible to ‘brute force attacks’.

To continue with the door analogy, a ‘brute force attack’ is essentially a person rolling up to your front door with a magical locksmith that can produce keys almost instantaneously and then trying each key in your door until it opens. In real world terms, it is a piece of software that runs through an extensive dictionary of possible password and username combinations until it strikes the right combo.

What this means is that at some point, the hacker is going to get in. It’s not a question of ‘if’ but ‘when’.

The Solution

Luckily there’s a very simple and free solution to this problem – install a plugin! In this case the plugin we would recommend is Limit Login Attempts Reloaded.

This is one of our favourite plugins here at Webfiki and featured in our article on the top 7 plugins that we think every small business needs. The reason for this is because it’s such a simple plugin and yet the security benefits of installing it are so massive that to not install it (or some similar plugin that does the same job) is just suicidal.

As the name suggests, this plugin limits the number of times a visitor can attempt to login to your site before being turned away. It’s like a bouncer for your metaphorical front door.

Limit login attempts reloaded settings page

Simply install it, activate it and then go to the settings page to configure the number of times you want to allow a visitor to try a login and how long they will be locked out for if they get it wrong.


And that’s that! The likelihood of falling victim to a brute force attack is now much diminished.

Your door is still a piece of plywood with a big X painted on it but at least you now have a bouncer out the front to limit the number of times a person can come up and try to kick it down.

If you would like to learn how to start securing the door itself, stay tuned for our next article, which will be released next week, on how to change your username to something more secure than ‘admin’.

Plug Time

Do you ever find yourself thinking…’Man, I am so busy. If only there was someone I could offload all this website stuff to so that I can focus on the rest of my business…ideally someone who charged a reasonable hourly rate and knew what they were doing”?

Well then today is your lucky day! Because that is exactly what Webfiki aims to do. With the majority of our services priced at a shockingly reasonable $25/hour you’ll be able to breathe easy knowing that both your website and your bank account are safe.

So have a look at our services today and if you like what you see, click that big orange ‘Get in Touch’ button at the top of the page so we can start making your website into the stress-free moneymaker that it should be.

Leave a Reply

Close Menu