WordPress Brute Force Attacks are a serious concern, especially for popular websites. Installing Loginizer to help add protection from Brute Force Attacks, will increase the security of your website. In this guide, you will learn how to install Loginizer and configure the plugin’s settings to add protection from Brute Force Attacks against your WordPress website.
Install Loginizer
If you are beginning to build your website, Loginizer can be included with a new WordPress installation, by using Softaculous. If you would like to install Loginizer to add protection to your existing WordPress website, you can simply install the plugin from your WordPress Administrative Dashboard.
New WordPress Installation
Softaculous allows you to easily install WordPress with the Loginizer plugin pre-installed! While installing WordPress (using Softaculous) be sure to check the box labeled Limit Login Attempts (Loginizer) to have the plugin included in the installation.
Existing WordPress Installed
Securing your existing login page is simple, thanks to Loginizer. Following the instructions below, you will learn how to install the plugin from the WordPress Administrative Dashboard.
- Log into your WordPress Dashboard.
-
Hover over Plugins and click Add New.
-
Locate the plugin by typing loginizer into the search field in the upper right.
-
Click the Install Now button for Loginizer (by Raj Kothari).
-
Once installed, click the Activate button to enable the plugin.
Congratulations! You have just completed installing the Loginizer plugin. Now you can continue through the next section of this guide to learn how to configure and customize your settings.
Configure Loginizer
- Log into your WordPress Dashboard.
-
Hover over Loginizer Security from the menu to the left and click to select Brute Force.
-
Scroll down to the section labeled: Brute Force Settings.
-
Refer to the table below for a description of the options and their recommended values. You can either configure the recommended values listed in the table or else use custom values to optimize the security considering your end-user’s experience. After entering your desired values in each field, be sure to click the Save Settings button within the Brute Force Settings section.
| Field | Description | Value |
|---|---|---|
| Max Retries | Enter the number of failed login attempts that is acceptable before lockout. | 3 |
| Lockout Time | Enter the number of minutes you would like the duration of the lockout to be. | 30 |
| Max Lockouts | Enter the number of lockouts that is acceptable before an extended lockout occurs. | 3 |
| Extend Lockout | Enter the number of hours you would like the duration of an extended lockout to be. | 24 |
| Reset Retries | Enter the number of hours you would like the amount of retries to be reset. | 24 |
| Email Notification | Enter the number of lockouts that is acceptable before receiving an email notification. | 1 |
Customize Error Messages
You can customize the messages displayed for failed login attempts or blacklisted IPs. This helps to add a personal touch to your website. The steps below describe how to modify the default Error Messages.
- Log into your WordPress Dashboard.
-
Hover over Loginizer Security from the menu to the left and click to select Brute Force.
-
Scroll down to the very bottom section labeled: Error Messages.
-
In the Failed Login Attempt field, type your custom error message. This message will appear for the end-user everytime a failed login attempt occurs.
-
In the Blacklisted IP field, type your custom error message. This message will display if a login attempt is made from an IP address that is blacklisted.
-
Click the Save Error Messages button to preserve your changes.
The table below shows the example custom messages entered as well as how they display on the WordPress login page.
| Example Custom Message | Example Display |
|---|---|
| “Woops! That does not appear to be a valid username and password. You can try again, but beware, you have “ |  |
“Oh no! Your IP address has been blocked for doing something bad, repeatedly! Please note that your activity is being monitored and logged.” |  |
Now that you have configured the Loginizer plugin for Brute Force Attacks you can continue to monitor the logs and take corrective action as needed. Be sure to check out our advanced guide to learn how to blacklist and whitelist IPs using Loginizer.
Fantastic website. Lots of useful info here. I’m sending it to some friends ans additionally sharing in delicious. And obviously, thank you on your sweat!
I am really happy to say it’s an interesting post to read . I learn new information from your article , you are doing a great job . Keep it up