WordPress, like many other online platforms, has a number of security measures in place to protect user accounts from unauthorized access. One of these measures is login attempt limitations, which restricts the number of times a user can attempt to log in to their account within a certain period of time.
By default, WordPress allows users to attempt to log in as many times as they want, which can leave accounts vulnerable to brute force attacks. To prevent these types of attacks, website administrators can set login attempt limitations. These limitations typically work by locking out a user's account after a certain number of failed login attempts, and can be set to expire after a certain amount of time has passed.
Administrators of websites hosted at 10Web can adjust the login attempt parameters by defining constants in the wp_config.php file.
Note:
You will need to have an FTP client installed.
To access the wp_config.php file:
- Connect your WordPress via an FTP client
- Once connected, click on the wp-live folder
- Click on the wp_config.php file to open it in a code editor
Important:
Any changes that you make and save to the wp_config.php file will impact your live website. Please make sure you have a backup of the original file before making changes.
Define the following parameters in the wp_config.php file according to your needs.
-
define('TW_FAILED_LOGIN_ATTEMPTS_COUNT', 5);
Enter the number of fails until the user is blocked.
-
define('TW_LOCKOUT_TIME', '10800'); \\in seconds
How long the user is blocked.
-
define('TW_FAILED_ATTEMPTS_TIME', 300 ); \\in seconds
Time frame within which the user must fail in order to be blocked. For example; if a user fails 5 times in 1 hour, the user is blocked.
-
define('TW_LOCKOUT_MESSAGE ', ' You have been locked out due to too many invalid login attempts');\\
Message when the user becomes blocked.
When you are done, save the file and upload it into your wp-live folder.
Important:
Please make sure to test your site after you have made the changes to make sure that everything is running correctly.