Limit Login Attempts
Posted by Mitch Mitchell on Dec 16, 2009
One of our new friends around here is Udegbunam Chukwudi, and he writes a blog called StrictlyOnlineBiz.com. I followed one of his links to his blog to take a look around, and I think he writes a pretty nice blog, so I hope you check it out.
One of his posts was called Secure WordPress Plug-ins, and he gave us 10 WordPress plugins to help us make our WordPress blogs secure. The first one is the one that caught my eye.
The plugin is called Limit Login Attempts, and its purpose is to dissuade those bad folks who know how to write software that can take its time in trying to break both your username and password. As I keep coming across more and more folks who have had their blogs cracked, including some of the big boys, I read that what happens is these weasels somehow figure out your username and password, get into your blog, and that’s that folks.
It made me remember that two of our other friends had their blogs hacked. Peter Lee had written about it last year, though it may not have been the same way, and Yan of Thou Shall Blog also had his blog hacked, and they did figure out his username and password.
The thing is, most of us are too lazy to change our username from Admin. I know I’m bad at this, yet I keep thinking my password is unique enough that it should protect me. But if someone automates software, then I’m gone just like many other people would be. Thus far, the best thing about not having thousands of subscribers is that I figure I’m still under the radar. Then again, I bet Yan and Peter both thought the same thing at the time.
I decided it was time to add a bit more protection to my blogs, so I went to that page, read about this plugin, and decided I liked what it had to offer. The download takes almost no time, and I uploaded it to all my blogs at the same time. But I tested it on this one, just to make sure it wouldn’t mess up my dashboard; it didn’t.
You get to make a couple of decisions with your settings. The first is how many login attempts you’ll allow before it shuts down for a certain number of minutes. It’s defaulted to 4, so I left that alone. The second is how long you want to make people wait before they can try it again. The default is 20 minutes, and I kicked that up to 30 minutes. The next 3 I left alone because I have absolutely no idea what any of it means. The last thing is after how many tries you want to be notified that someone has failed to login. It was defaulted to 4, and that made sense so I left it alone.
I now feel that I have an extra layer of protection, and that will help me sleep better. Of course it’s no substitute for making sure to back up your blog every once in awhile, but it does give an bit more peace to my mind. I think it’s a good idea; y’all should take a look at it yourselves.