2 WordPress Plugins To Protect Your Blog From Brute Force Hacking

Being a WordPress blogger, it is obvious that you are much concerned about the blog security. We all like to keep our blogs secure against the hackers. WordPress users are lucky enough that there are several security plugins and other template tweaks to safeguard the blog from hacking attempts. One of them is changing the default WordPress username ‘admin‘. If you haven’t done this yet, I strongly recommend to do it by referring here.

Brute force is one of the oldest forms of hacking, where a hacker run a script and attempt to login to your account by trying different combination from dictionary Words. Depending upon the complexity of your password, it may take 1 hour to few days to get access to your account. This is one reason, why I keep asking you to stop using “admin” username and change it to something else. Also, always use a complex password.

You should know that by default WordPress allows unlimited login attempts through the login page. It may encourage the potential hackers to guess your password by the method call BruteForcing.

You need to ensure that your login page is protected from Brute Force attack. Here I’m sharing two plugins (#1 is highly recommended) to protect your login page from Brute Force attack.

Use Jetpack Brute Force protection

I have updated this post to let you know about newest feature addition in Jetpack plugin. Chances are you might be using Jetpack plugin & if yes, you don’t need to use Limit login or any other plugin to protect from Brute force attack. Jetpack have added a new module call Protect.

Jetpack Protect module

If you have Jetpack plugin installed, enable the Protect module, and your WordPress blog will be protected from Brute force attack. The dashboard will also show you the number of blocked malicious login attempts. You also get an option to whitelist specific I.P. from Jetpack > Settings > Protect > Configure

Whitelist Login I.P.

Limit Login to Limit the number of logins tries in WordPress:

Brute Force attack can also be prevented by using Limit Login Attempts plugin. It helps the admin to limit the number of login attempts possible both through normal login as well as using auth cookies.

  • Limit the number of retry attempts when logging in (for each IP)
  • Limit the number of attempts to login using auth cookies in the same way
  • Informs user about remaining retries or lockout time on the login page
  • Optional logging, optional email notification
  • Handles server behind reverse proxy


  • Plugin options page:
    Limit login Attempts PLugin
  • Login error page:
    wordpress Limit Login Attempts login page
  • Email I got after a lockout:
    wordpress Limit Login Attempts email screenshot
[Plugin download page]

If you are getting too many hacking attempts, you can use WordPress Stealth Login plugin. It helps you to create custom URLs for logging in.

Do share other useful WordPress plugins which you use to keep your WordPress blog safe and secure?

Subscribe on Youtube

Article By
Blogger, internet lover, social media addict, loves making new friends.


COMMENTs ( 25 )

    • Andros says

      That’s ridiculous. Security plugin with built-in vulnerability! Are you kidding me with those kindergarten stuff? The name of plugin was stolen from the name of famous Limit Login Attempts plugin to attract attention and to get more installations. That’s unfair play and shows that author can’t offer something valuable.

  1. says

    Also try “Lockdown WP Admin” as a better alternative to “Stealth Login”, which didn’t work for me due to it being outdated for 2 years. Lockdown WP Admin does the same thing as Stealth Login, but with additional features and updated.

  2. Bill says

    Please note that Limit Login Attempts hasn’t been updated in two years. Looking through the support section for the plugin you will see some problems with admins being locked out and at least one post about it being hacked.

  3. says

    What about using captcha on WP login page? There is a plugin called “Captcha on Login”. Anyone has any experience with this plugin?

    • says

      Captcha plugin is also useful, but if you have an active site where users need to login every now & then, it can give bad user-experience. I would recommend use Jetpack security module instead. If registration is open on your blog, use Wangguard plugin along with it.

  4. says

    I am using Limit Login Attempts with captcha on login page and it is working good on for me. There are really attempts I can see that are there trying to get through my website. Thanks for letting us know more on security.

  5. Charlie says

    Thanks for the article. I have been using a free plugin called WordPress Simple Security Firewall that replaces Akismet, Limit Login Attempts and other security plugins. You can even set a master password that will not allow anyone to change the security settings if hacked. Check it out…this is a hidden gem.

  6. Meezan Rahman says

    I have an article site of 13 subscribed author(including myself) and a little bit worried about my sites security as it is a quite new site of mine. Definitely this plug-in will give me a shy of relief.

    Thanks for the nice post.

  7. Shafar says

    Those are very good plugins for blog security. In case of ‘Stealth login’, we just need to give the login URL to the authors if our blog is multi-authored.

  8. Mani Viswanathan says

    I’m using Login LockDown as well as Stealth login. This is an alternative..Also as Harsh had mentioned in his earlier post its important to change default username and to hide the wordpress version to avoid exploits.

  9. Shafar says

    Good to hear that. Hope you too are receiving some lockout emails as shown in the screenshot. :D

  10. Tech Maish says

    Shafar thanks for shairng this plugin. I am using it and is very useful for worpdress bloggers.

  11. Dev says

    Great Plugin,
    I’m currently using login lock down plugin.
    Now going to try this plugin.
    Thanks for sharing !! Good Job.


    • Shafar says

      ‘Login LockDown’ is a good alternative. If you are not satisfied with it, you can try ‘Limit Login Attempts’. :)

  12. Arijitblog says

    Helpful WordPress plugin for blog safety!! :) No more Hacking of the blog “admin panel”… :)

    Thanks for sharing with us!! :)