Limit number of WordPress Login Attempts

Some posts ago, I was talking about how there was a surge of login attempts to my blog. The majority of the attackers were from Netherlands and on second place were bots from Russia, the US ranked at 3rd place. A fellow blogger, commented that he receives a daily dose of login attempts also coming from the Netherlands. He was using a plugin to limit login attempts. The plugin is aptly named limit login attempts.

Limit Login Attempts

I have been searching for a way to handle these login attempts so I thought I’d give this security plugin a try. It was good and did exactly what it’s supposed to. In my case though, there appears to be a curious message on the settings page that I can’t figure out, it says “Current setting appears to be invalid”. I’m not really sure what that means but the plugin still works as expected.

Apocalypse Meow

I searched the plugin directory to see if there was a similar plugin that works the same way but has more features. Apocalypse Meow turned out to be exactly what I was looking for. Aside from the limits imposed on failed login attempts it also has the option to leave a personal message for the failed attackers. Although I’m pretty sure that only bots would see it 99% of the time, it was a nice feature nonetheless.

The plugin also has a feature to remove the WordPress Version Generator which may act as an invitation to would-be-attackers. Both Limit Login Attempts and Apocalypse Meow work very well. The only difference is that Limit Login Attempts is a more lightweight version. Apocalypse Meow is relatively new and was added just recently to the plugin repository. We’ll see how it progresses.

wordpress login attempts
Apocalypse Meow wp-login.php for failed attempters.

If you use CloudFlare, you can easily block bot login attempts using Page Rules.

Share This Post