Wordpress allows any number of attempts at login, so if somebody is trying to do a brute force dictionary attack onto the admin section of your site, at some point, they may suceed. But the basic issue is, why are you making it easy for hackers to do so; you should set a limit on the number of times a wrong login can be attempted on your site. Here is a plugin called 'Limit Login Attempts' that allows you to do this. Get it from this page (link)
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Features:
Limit the number of retry attempts when logging in (for each IP). Fully customizable
(WordPress 2.7+) Limit the number of attempts to log in using auth cookies in same way
Informs user about remaining retries or lock out time on login page
Optional logging, optional email notification
Handles server behind reverse proxy
No comments:
Post a Comment