Some posts ago, I was talking about how there was a surge of login attempts to my blog. The majority of the attackers were from Netherlands and on second place were bots from Russia, the US ranked at 3rd place. A fellow blogger, commented that he receives a daily dose of login attempts also coming from the Netherlands. He was using a plugin to limit login attempts. The plugin is aptly named limit login attempts.
Limit Login Attempts
I have been searching for a way to handle these login attempts so I thought I’d give this security plugin a try. It was good and did exactly what it’s supposed to. In my case though, there appears to be a curious message on the settings page that I can’t figure out, it says “Current setting appears to be invalid”. I’m not really sure what that means but the plugin still works as expected.
I searched the plugin directory to see if there was a similar plugin that works the same way but has more features. Apocalypse Meow turned out to be exactly what I was looking for. Aside from the limits imposed on failed login attempts it also has the option to leave a personal message for the failed attackers. Although I’m pretty sure that only bots would see it 99% of the time, it was a nice feature nonetheless.
The plugin also has a feature to remove the WordPress Version Generator which may act as an invitation to would-be-attackers. Both Limit Login Attempts and Apocalypse Meow work very well. The only difference is that Limit Login Attempts is a more lightweight version. Apocalypse Meow is relatively new and was added just recently to the plugin repository. We’ll see how it progresses.
If you use CloudFlare, you can easily block bot login attempts using Page Rules.