Using Loginizer to Protect Against WordPress Brute Force Attacks

In This Tutorial:

  • Install
  • Configure
  • Customize

WordPress Brute Force Attacks are a serious concern, especially for popular websites. Installing Loginizer adds protection from Brute Force Attacks and increases the security of your website. In this guide, you will learn how to install Loginizer and configure the plugin’s settings to protect your WordPress website against Brute Force Attacks.

Install Loginizer

If you are beginning to build your website, Loginizer can be included with a new WordPress installation by using Softaculous. If you would like to add Loginizer to your existing WordPress website, you can install the plugin from your WordPress Administrative Dashboard.

New WordPress Installation

Softaculous allows you to easily install WordPress with the Loginizer plugin pre-installed! While installing WordPress (using Softaculous), be sure to check the box labeled Limit Login Attempts (Loginizer) to have the plugin included in the installation.

Existing WordPress Installed

Securing your existing login page is simple, thanks to Loginizer. Following the instructions below, you will learn how to install the plugin from the WordPress Administrative Dashboard.

  1. Log into your WordPress Dashboard.

  2. Hover over Plugins and click Add New.

  3. Locate the plugin by typing loginizer into the search field in the upper right.

  4. Click the Install Now button for Loginizer (by Raj Kothari).

  5. Once installed, click the Activate button to enable the plugin.

Congratulations! You have just completed installing the Loginizer plugin. Now you can continue through the next section of this guide to learn how to configure and customize your settings.

Configure Loginizer

  1. Log into your WordPress Dashboard.

  2. Hover over Loginizer Security in the menu on the left and click Brute Force.

  3. Scroll down to the section labeled: Brute Force Settings.

  4. Refer to the table below for a description of the options and their recommended values. You can either use the recommended values listed in the table or enter custom values that balance security against your end users’ experience. After entering your desired values in each field, be sure to click the Save Settings button within the Brute Force Settings section.

| Field | Description | Value |
|---|---|---|
| Max Retries | Enter the number of failed login attempts that is acceptable before lockout. | 3 |
| Lockout Time | Enter the number of minutes you would like the duration of the lockout to be. | 30 |
| Max Lockouts | Enter the number of lockouts that is acceptable before an extended lockout occurs. | 3 |
| Extend Lockout | Enter the number of hours you would like the duration of an extended lockout to be. | 24 |
| Reset Retries | Enter the number of hours you would like the amount of retries to be reset. | 24 |
| Email Notification | Enter the number of lockouts that is acceptable before receiving an email notification. | 1 |
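
To see what the values in the table allow in practice, the following added example (not part of the original tutorial and not Loginizer's own code) models the settings as a per-IP counter and counts how many password guesses one address gets checked. The rules for when a lockout starts and when counters reset are simplifying assumptions, and the class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    max_retries: int = 3     # Max Retries: failed logins before a lockout
    lockout_min: int = 30    # Lockout Time, in minutes
    max_lockouts: int = 3    # Max Lockouts: lockouts before an extended lockout
    extend_hours: int = 24   # Extend Lockout, in hours
    reset_hours: int = 24    # Reset Retries, in hours

class LoginLimiter:
    """Simplified per-IP model of the settings (assumed rules, not Loginizer's code)."""

    def __init__(self, policy):
        self.p = policy
        self.state = {}  # ip -> [failures, lockouts, locked_until, window_start]

    def failed_login(self, ip, now_min):
        """Record a failed login at minute now_min and return its outcome."""
        s = self.state.setdefault(ip, [0, 0, 0, now_min])
        if now_min < s[2]:
            return "blocked"               # locked out: the guess is never checked
        if now_min - s[3] >= self.p.reset_hours * 60:
            s[:] = [0, 0, 0, now_min]      # assumed rule: counters expire together
        s[0] += 1
        if s[0] < self.p.max_retries:
            return "retry"
        s[0] = 0
        s[1] += 1
        if s[1] >= self.p.max_lockouts:    # assumed: the Nth lockout is the extended one
            s[1] = 0
            s[2] = now_min + self.p.extend_hours * 60
            return "extended"
        s[2] = now_min + self.p.lockout_min
        return "lockout"

def guesses_checked(policy, minutes, interval_min=1):
    """Guesses actually evaluated for one IP that fails a login every interval_min minutes."""
    limiter = LoginLimiter(policy)
    ip = "203.0.113.7"  # constructed address from the documentation range
    return sum(limiter.failed_login(ip, t) != "blocked"
               for t in range(0, minutes, interval_min))

if __name__ == "__main__":
    lax = Policy(max_retries=5, lockout_min=15, max_lockouts=5, extend_hours=1)
    print("recommended, 24 h:", guesses_checked(Policy(), 24 * 60))
    print("lax custom,  24 h:", guesses_checked(lax, 24 * 60))
```

Under these assumptions the recommended values let a single address have 9 passwords checked in 24 hours, against 262 for the laxer custom values. The limit is counted per IP address, so the Email Notification setting and the lockout logs remain the way to notice failures spread across many addresses.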

Customize Error Messages

You can customize the messages displayed for failed login attempts or blacklisted IPs. This helps to add a personal touch to your website. The steps below describe how to modify the default Error Messages.

  1. Log into your WordPress Dashboard.

  2. Hover over Loginizer Security in the menu on the left and click Brute Force.

  3. Scroll down to the very bottom section labeled: Error Messages.

  4. In the Failed Login Attempt field, type your custom error message. This message will appear for the end user every time a failed login attempt occurs.

  5. In the Blacklisted IP field, type your custom error message. This message will display if a login attempt is made from an IP address that is blacklisted.

  6. Click the Save Error Messages button to preserve your changes.

The table below shows the example custom messages entered as well as how they display on the WordPress login page.

| Example Custom Message | Example Display |
|---|---|
| “Woops! That does not appear to be a valid username and password. You can try again, but beware, you have “ | [Screenshot: custom error message displayed on a failed login attempt on the WordPress admin login page] |
| “Oh no! Your IP address has been blocked for doing something bad, repeatedly! Please note that your activity is being monitored and logged.” | [Screenshot: custom error message displayed for a blacklisted IP on the WordPress admin login page] |

Now that you have configured the Loginizer plugin for Brute Force Attacks you can continue to monitor the logs and take corrective action as needed. Be sure to check out our advanced guide to learn how to blacklist and whitelist IPs using Loginizer.

Thoughts on “Using Loginizer to Protect Against WordPress Brute Force Attacks”

  • Fantastic website. Lots of useful info here. I’m sending it to some friends and additionally sharing in delicious. And obviously, thank you on your sweat!

  • I am really happy to say it’s an interesting post to read. I learn new information from your article, you are doing a great job. Keep it up
