Hacking is a huge issue for all webmasters. No one likes to work so hard to set up a killer website only to have some stranger hack it and steal its search engine rankings and content. Most hackers are not experienced enough to try sophisticated tactics on sites (thankfully), so they rely on bots and brute force attacks to gain access to your admin panel. Unfortunately, WordPress does not have built-in functionality to thwart these types of attacks. Limit Login Attempts is a powerful plugin that lets you limit the number of times someone can enter a wrong username/password combination. It can ban IPs for you so you don’t have to.
Limit Login Attempts can have multiple benefits for your WordPress website. For starters, it can automatically take care of people who want to abuse your website. If they try too many wrong username/password combinations, they get blocked or banned. The plugin logs abusers’ IPs, so you can block them forever using your .htaccess file. I do recommend reducing the number of allowed retries to 3. Reducing the number of allowed lockouts before the lockout time increases is wise too.
I love the lockout email feature. I have set that to 1 on my site. That means as soon as someone gets locked out once, I’ll get a reminder to deal with the abuser. This is especially useful if you have set up WordPress sites to use sometime in the future but don’t want to worry about them getting hacked till then.
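
To see how these settings interact, here is a small model of the lockout policy, added as an illustration; it is not the plugin's code. The 3 retries and the email after 1 lockout come from the settings above, while the lockout durations, the escalation threshold, the IP address and all names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    allowed_retries: int = 3             # the article's recommended value
    notify_after_lockouts: int = 1       # the author's lockout-email setting
    lockout_secs: int = 20 * 60          # assumed
    lockouts_before_long: int = 2        # assumed
    long_lockout_secs: int = 24 * 3600   # assumed

@dataclass
class IpState:
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0

class LoginLimiter:
    def __init__(self, policy):
        self.policy, self.state = policy, {}
        self.notifications = []  # stand-in for the lockout email

    def is_locked(self, ip, now):
        return ip in self.state and now < self.state[ip].locked_until

    def record_failure(self, ip, now):
        """Register a wrong login at time `now` (seconds)."""
        st = self.state.setdefault(ip, IpState())
        if now < st.locked_until:
            return "rejected"  # refused outright, password never checked
        st.failures += 1
        if st.failures < self.policy.allowed_retries:
            return "failed"
        st.failures, st.lockouts = 0, st.lockouts + 1
        p = self.policy
        escalate = st.lockouts >= p.lockouts_before_long
        st.locked_until = now + (p.long_lockout_secs if escalate else p.lockout_secs)
        if st.lockouts >= p.notify_after_lockouts:
            self.notifications.append((ip, st.lockouts))
        return "locked"

def replay_bot(policy, ip, attempts, interval_secs):
    """Replay a bot guessing every interval_secs; return (guesses checked, limiter)."""
    limiter = LoginLimiter(policy)
    checked = sum(limiter.record_failure(ip, i * interval_secs) != "rejected"
                  for i in range(attempts))
    return checked, limiter

if __name__ == "__main__":
    # Constructed input: one guess per minute for 24 hours from a documentation-range IP.
    checked, limiter = replay_bot(Policy(), "203.0.113.7", 1440, 60)
    print(checked, "of 1440 guesses checked;", len(limiter.notifications), "emails")
```

Under these assumed durations, a bot guessing once a minute gets only 6 passwords checked in a day instead of 1,440, and the admin is notified at the first lockout.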
Limit Login Attempts does not keep your blog safe against all hack attacks. It can reduce the chances of a hack happening, though. A must-have plugin for every blog.