Many WordPress sites gets lots and lots of login attempts from hackers. You may not even be aware of this – until you install a plugin like Simple History that logs security related events like logins and login attempts. Suddenly your log is full of failed login attempts. Just during a day you can get thousands of them.
Here’s a real example from one of the sites I maintain:
Ouch! 3363 failed login attempts since the last time I logged into that site. That’s not good. By why worry about this? Let me explain.
Why many failed login attempts is a problem
If someone tries for a long time to login to your website, the chance is that they finally succeed. And if a hacker gains access to you site they can start using your site for different kinds of bad activities:
- they can delete or change all of your content
- they may put hidden spam content onto your pages
- they can install secret backdoors on your server that can be used by botnets to perform hacker attacks on other system.
Many login attempts can also consume lots of server resources. For each login attempt your site must load many php files, start WordPress, talk with the database server, and so on.
Also, unwanted log entries make it more easy to miss other events in the log.
So, a lot of login attempts is a bad thing for your site. Fortunately we can protect our site from these.
Ways to protect your site
As always you should begin with making sure that you use strong passwords. The harder the password is to guess, the longer it will take for a hacker to guess it.
Then you should install a plugin that can stop the hacker from making so many login attempts. Why even give the hacker the chance to try many usernames and passwords to begin with?
Here are seven plugins that I have tested and found useful.