Someone has been trying to brute-force attack my site lately (guessing my username and password) and so I thought I’d share the plugin that is blocking them and also letting me know that it’s happening: Limit Login Attempts. After a configurable number of log in failures, the plugin blocks the IP from attempting to log in for a configurable amount of time. Super handy. 🙂
Plugin hasn’t been updated in a long time (2 1/2 years), and some forum reports that it doesn’t work right anymore… but it sounds useful!
Works fine here. 🙂
This plugin was last updated 25th August 2011, I think you’re confusing it with Login Lockdown which hasn’t been updated since 2009.
Indeed, that’s what happened. 🙂 thanks!
You could do achieve the same thing by editing your .htaccess file. I’m guessing this plugin does this anyways so it won’t make a difference how it does it.
Also, it hasn’t been updated for 172 days which I’m pretty sure is less than 2 1/2 years. 🙂
Pingback: Update On My Use Of Limit Login Attempts
Do you still use the Bad Behavior plugin? I wish Limit Login Attempts had an automatic way to permanently ban persistent IP’s.
Nope, I gave up on Bad Behavior a long, long time ago. Too many false positives and Akismet has come a long way. It catches 99.9% of my spam.
Yes, Akismet is getting better and better at catching spam.
What about protecting your site from other sorts of malicious attacks? Do you recommend any other firewall-type plugins?
Nope, I just make sure to run the latest version of WordPress. That’s plenty.
This pluginis great, I use it on all my blogs.