So Far So Good With Limit Login Attempts

It’s been a little while since I installed the Limit Login Attempts plug-in that I’ve reviewed here, and so far it’s worked as advertised. Since May 15th, I’ve had 11 failed attempts to log into the back-end of WPTavern.com. Three of those occurred on July 24th. 10 out of 11 attempts used admin as the user-name, while one attempt used a blank user-name field.

I think everyone should have this plug-in, or something like it, installed on their site. It’s pretty important to be notified of an IP address trying to crack the password into the back-end of your site, although I find it odd that I have yet to see a user-name deviate from admin, which leads me to believe that the attempts have been made by bots or some type of automated script.

10 Comments


  1. It would be a lot safer if you just IP restricted the /wp-admin/ folder, that’s what we’re doing for the corporate blog I just created. In fact, you even have to be on the internal VPN to access it now…just to be extra safe :)



  2. I was looking into downloading one of these plugins. Knowing the IP, do you block them through htaccess or another way, or something? Just curious.



  3. Just installed it – let’s see if somebody is looking after my wp-admin directory.



  4. @Jonathan
    Thanks.

    Funny thing happened. After I installed it and decided to finally change my sn from “admin” to something else this plugin locked me out for an hour for that. Go figure! =) Working fine now.



  5. I actually released a plugin a few months back called Naughty Monkey that you might find useful, Jeff. The name is meant to be more humorous than descriptive, so here’s the gist of what it does. The premise is that you’ve changed the default administrator account to use something besides “admin” (the plugin checks that you’ve done this and doesn’t operate if the “admin” account still exists). If a user tries to log in with the “admin” user account, their IP is automatically added to a list of banned IPs. Here’s a link if you’re interested.

    http://www.itsananderson.com/plugins/naughty-monkey/



  6. Been using it for almost a year and love it. It pains me that about 1/3 of my plugins are security related but we really have no choice. :)



  7. I think this plugin should be built into the WordPress core. It’s an excellent plugin.



  8. Installed it the other day and already caught one of the same, 194.20.144.230. I am just going to restrict it by IP address now.
