
Another Favorite Plugin – Limit Login Attempts    

I can’t believe this wasn’t on my list of favorite WordPress plugins (I’ve since modified the list to include it).

I first installed the Limit Login Attempts plugin some time ago but after forgetting my password a couple of times I disabled it. You see, with so many blogs I don’t always update all of the passwords at the same time. So, by inserting an incorrect password one too many times, I would end up locking myself out of my own blog. Not fun!

Change of Heart

I recently decided to reinstall the Limit Login Attempts plugin. After looking at my traffic logs, I found quite a few IP addresses accessing my WordPress Login screen. It doesn’t take a rocket scientist to figure out why someone besides me is spending time on my Login screen.

By installing the Limit Login Attempts plugin, I’m able to add a layer of protection between would-be hackers and my blogs. The plugin allows me to set the number of login tries before being locked out. I can also configure it to notify me after a pre-set number of lockouts. On some blogs I set the number to 1 and on other blogs to 2.

Several Tier Lockout

After a lockout, the hacker, er, I have 60 minutes or so before I can try again. I’ve actually increased the lockout time to about 6 hours. After that, if anyone gets locked out again, the lockout time is increased to several days. In the meanwhile the plugin logs the IP address and the username used when attempting to log in.

Oh, and to get around being locked out because I forgot the password, I created a second login username and password that is impossible for me to forget. Therefore, if I happen to lock myself out using username #1, I can always use username #2 to gain administrative access and reset the lockout.

Security Layer Number 2

Because my blogs are hosted on HostGator, HostGator provides a feature in their control panel called IP Deny Manager. By adding the questionable IPs to IP Deny’s list, those IPs are denied access to all of my HostGator sites. So, at the end of the day when I receive all of my “too many login attempts” notifications, I gather the IP addresses, log into my HostGator account and add the IPs to the list so those particular hackers won’t be able to access my sites again.

This is not foolproof because if someone truly wants to hack in, they will, but I can’t just sit idly by and watch them gain access to my sites.
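The end-of-day triage described above can also be done from the raw access log instead of the notification e-mails. The following is an added example, not part of the original post or of either plugin: it counts failed login POSTs per IP and lists the ones worth adding to a deny list, skipping the owner's own address. It assumes an Apache combined-format log and that WordPress answers a failed login POST with 200 and a successful one with a 302 redirect; the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not from any real site.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:02:14:01 -0400] "GET /wp-login.php HTTP/1.1" 200 2301
203.0.113.7 - - [12/Mar/2013:02:14:02 -0400] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Mar/2013:02:14:03 -0400] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Mar/2013:02:14:04 -0400] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Mar/2013:02:14:05 -0400] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [12/Mar/2013:03:01:10 -0400] "POST /blog/wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [12/Mar/2013:03:01:12 -0400] "POST /blog/wp-login.php?action=login HTTP/1.1" 200 3120
198.51.100.23 - - [12/Mar/2013:03:01:14 -0400] "POST /blog/wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [12/Mar/2013:09:30:00 -0400] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [12/Mar/2013:09:30:20 -0400] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.55 - - [12/Mar/2013:11:00:00 -0400] "POST /wp-login.php HTTP/1.1" 200 3120
"""

def failed_logins_by_ip(log_text, allowlist=()):
    """Count POSTs to wp-login.php that returned 200 (assumed: a failed login)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]  # ignore the query string
        # endswith() also catches WordPress installed in a subdirectory
        if m["method"] != "POST" or not path.endswith("/wp-login.php"):
            continue
        if m["status"] != "200" or m["ip"] in allowlist:
            continue  # 302 = successful login; allowlist = your own addresses
        counts[m["ip"]] += 1
    return counts

def deny_candidates(log_text, threshold=3, allowlist=()):
    """Return (ip, failures) pairs at or above the threshold, worst first."""
    counts = failed_logins_by_ip(log_text, allowlist)
    hits = [(ip, n) for ip, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda pair: (-pair[1], pair[0]))

if __name__ == "__main__":
    for ip, n in deny_candidates(SAMPLE_LOG, allowlist={"192.0.2.10"}):
        print(f"{ip}\t{n} failed logins")
```

Keeping your own address in the allowlist avoids denying yourself after a mistyped password, the same problem the second admin account works around.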

A Little Advice

After installing a new blog, always change the username from the default “admin” to something a little less predictable. Each hacking attempt tried using “admin”, “Admin” or “webmaster” as the user name.

Maintaining a blog is sort of like gardening. No matter how much you care for your garden, weeds are always ready to take over. You have to weed out the online hackers just as you have to pull weeds from your garden.



Filed Under: Plugins, WordPress

About the Author: Felicia A. Williams is a freelance writer and blogger. She spends the majority of her time with her family and writing. If she's not writing or commenting on NJFM, she's either outside smelling the roses or writing articles for one of her other sites which include Tidbits and Stuff, BLULOW, A Dose of Health and a few other sites/blogs scattered around the internet.

Comments (10)

  1. That’s a good plug in, I use it with my sites. I have too many passwords to remember, so I use 1Password, so that takes care of that issue. I’ve been using that application for the past five years or so.

    It does more than store/create passwords for you, but initially it’s the main reason I purchased it. At the time, it was only available to Mac users, since that time they’ve created an application for Windows users.
    Opal @ Celebrate Life recently posted..Creating a meal from leftovers; Chicken fried rice

  2. Laura says:

    That is a great review and tip on using the plug-in. It always pays to be prepared. It is scary how many hackers are searching for unprotected sites.

    • Felicia says:

      I’ve also found that by installing WordPress in a directory other than the default, it seems to slow hackers down.

      I have a couple of blogs where I installed WP in a different directory and those are the only blogs without unauthorized login attempts.

  3. L.M. says:

    I’ve locked myself out as well because I have a really strict setting. After the 2nd failed attempt, it is like a month before they can retry….LOL

    I also immediately put the IP Deny Manager in cPanel.

    If I accidentally lock myself out, I simply log into HostGator and go to the files section (I can’t remember the exact path) and delete the entire plugin from the plugins file for the particular site that I’m locked out of. Takes only a minute to do that.

    This allows me to immediately log in to my WordPress Admin. The plugin has been removed, therefore I’m no longer locked out. I then go and install the plugin the same as I would any plugin. Again, takes only a minute and I’m back in business.

    • Felicia says:

      L.M., like you, I’ve changed my settings so the offenders don’t come back so quickly.

      Uninstalling and re-installing the plugin works too, however, I’ve gotten real lazy. I try to minimize my clicking by setting up a “no-brainer” default user/password. It’s one that’s very difficult for anyone to guess but beyond easy for me to remember.

      So, when I set up a new WordPress installation, I end up deleting the default “admin” account and creating two more. One that I use all the time for posting (provided I don’t lock myself out by forgetting the password), and the other is only used just in case I lock myself out.

  4. Samantha says:

    Great tips! I get so focused on writing that I never think about these more practical necessities. Thank you!

    • Felicia says:

      Samantha, I’m like you. My recent break from writing gave me time to explore a whole lot of other things. One of the things I found out was that folks are spending an awful lot of time trying to hack into WordPress sites.

      I’ve since made modifications to my Limit Login settings. Instead of getting notified of every lockout (there are just too many to manage), I’ve decided to hold off on notification until the second lockout. Additionally, instead of logging into my HostGator cpanel to use IP Deny, I insert the IP into another favorite plugin, WP Ban. This way I can ban them within the WordPress interface.

      Also I increased lockout times all around so the offender doesn’t come back so quickly.

  5. Crystal says:

    Once again, Felicia, I find out how little I know. Have you thought of writing an ebook (not a freebie, of course) detailing your blog management techniques? With your clear writing and methodical approach, it would be invaluable to folks like me! Maybe you could just recycle previous posts for most of the content? I know there’s a wealth of info here on NJFM, but for those of us who don’t even know what we need to know, it would be so cool to have it all in one place. What do you think?

    • Felicia says:

      Crystal, I’ve been thinking of that. I’ve been brainstorming how to share the NJFM info in an organized fashion.

      Actually I have a few more free books that I’m considering.