This tutorial explains how to:
This article describes how to secure your login page. You can learn how to install and set up Login LockDown to secure your WordPress website.
NOTICE: Login LockDown for WordPress is just one way to secure your website. Check out the many features WordPress Hosting by InMotion Hosting includes supplementing security for your website.
Install Login LockDown
Login LockDown for WordPress is a lightweight security solution that protects your login page. If your website is susceptible to Brute Force Attacks, and you have many users that log into your website, this plugin will be the best solution. Unlike other methods that hide your login page, this plugin secures the login form while allowing access to your users.
IMPORTANT: If you are currently experiencing a Brute Force Attack, please refer to our guide WordPress Login Temporarily Disabled – FIX to regain access to your WordPress administrative dashboard. Once you have regained access, then you can follow the instructions below.
- Log into your WordPress administrative dashboard.
- Navigate to Plugins > Add New.
- In the “Search plugins…” field, begin typing login lockdown.
- Login LockDown by Michael VanDeMar should appear as the first option. Click on the Install Now button to initiate the installation.
NOTICE: The button text changes with the status of the installation. The installation is complete once Activate displays inside the button.
- Click the Activate button.
Now that you have installed and activated the plugin, you can begin to set it up. The next section describes the settings and how to configure the plugin to secure your WordPress login page.
Set Up Login LockDown
There are only a few settings for this plugin. The settings dictate how many failed login attempts will trigger the plugin to block the offending IP address temporarily. You will need to adjust these settings regularly, based on the protection your website requires.
- Log into your WordPress administrative dashboard.
- Navigate to Settings > Login LockDown.
- Make your selection and enter the values you want to customize in the available settings. Refer to the table below for more details about each setting.
- Click the Update Settings to save your changes.
Name | Description | Default Value |
Max Login Retries | Enter the number of failed login attempts within the “retry time period restriction” allowed before triggering a LockDown. | 3 |
Retry Time Period Restriction | Enter the amount of time (in minutes) to determine the rate of failures allowed before triggering a LockDown. | 5 |
Lockout Length | Enter the amount time (in minutes) for the LockDown to last for. | 60 |
Lockout Invalid Usernames | Select whether using a username that does not exist will trigger a LockDown. | No |
Mask Login Errors | Select whether you would like to show the reason why a login attempt failed. | No |
Show Credit Link | Select whether you would like to display a link to give credit to the creator of this plugin. | Yes, display the credit link. |
Congratulations, you did it! Now your WordPress login page is protected from Brute Force Attacks while allowing valid login attempts.