How to Disable or Lock Down a WordPress User Account After Invalid Login Attempts?
- Monday, October 21, 2013 By David Peter
WordPress is one of the most popular community-driven CMSs, with thousands of plugins and themes available to transform your website into anything you can imagine. As told by our Author Ramya Santhosh, because of its huge popularity, the need to secure a WordPress website has become highly important. As a reminder, more than 90 thousand WordPress-powered websites were hacked at the end of April 2013. With these stats in mind, every WordPress administrator should take the necessary care in managing their user accounts.
Let's consider a few scenarios…
What should you do if one of your authors leaves the job with tons of posts written? You can choose to delete the account (by moving the posts to another account), but you should also remember that he/she has written a ton of articles and you should still give credit to them. So the ideal way is to disable the user account and leave the posts in their name.
Or what if someone is trying to log in to WordPress using the brute force method? Most WordPress accounts are hacked using brute force and dictionary attacks, where the attacker can try as many invalid passwords as needed before finding the correct one. So it is very important to lock the user account after a set number of invalid login attempts.
The goal of this article is to tell you how to lock or disable a WordPress user account after a set number of invalid login attempts.
Step 1: Download the plugin called “User Locker” (link given at the bottom).
Step 2: Extract the downloaded zip file and copy it to the wp-content/plugins folder.
Step 3: Browse to wp-admin and enable the plugin.
Step 4: If you want to disable or lock any user, just head to Users > All users > Edit the user you wish to disable or lock.
Step 5: Scroll down to the bottom of the page, select the “User account is locked for security reasons” check box and provide the lock reason (if you wish to display it on the login page).
Step 6: If you want to disable any user account, select the “User account is disabled” check box and provide the disable reason (if you wish to display it on the login page).
Step 7: Here comes another important setting. Jump to Settings > User Locker and set “Maximum invalid login attempts before account locking”. Check out the other settings as well.
From now on, the user account will be locked automatically after the set number of invalid login attempts. To enable the account again, just edit the user profile and uncheck “User account is locked for security reasons”. That’s it!
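For readers who want to see how a lock of this kind works underneath, here is an added sketch built on WordPress core hooks. It is not the User Locker plugin's code; the meta keys, the limit of 5 and the error message are hypothetical names and values chosen for this illustration.

```php
<?php
// Added illustration only, not the User Locker plugin's code.
// Meta keys and the limit below are hypothetical choices for this sketch.
const DEMO_MAX_ATTEMPTS = 5;
const DEMO_FAILS_KEY    = 'demo_failed_logins';
const DEMO_LOCKED_KEY   = 'demo_account_locked';

// WordPress accepts either a username or an e-mail address on the login form.
function demo_find_account($login) {
    return is_email($login) ? get_user_by('email', $login)
                            : get_user_by('login', $login);
}

// Count every failed login against the account it targeted and
// set the lock flag once the limit is reached.
add_action('wp_login_failed', function ($username) {
    $account = demo_find_account($username);
    if (!$account) {
        return; // no such account, nothing to lock
    }
    $fails = (int) get_user_meta($account->ID, DEMO_FAILS_KEY, true) + 1;
    update_user_meta($account->ID, DEMO_FAILS_KEY, $fails);
    if ($fails >= DEMO_MAX_ATTEMPTS) {
        update_user_meta($account->ID, DEMO_LOCKED_KEY, 1);
    }
});

// Runs after core's password check (priority 20), so a locked account
// is refused even when the submitted password is correct.
add_filter('authenticate', function ($user, $username, $password) {
    $account = demo_find_account($username);
    if ($account && get_user_meta($account->ID, DEMO_LOCKED_KEY, true)) {
        return new WP_Error('demo_locked',
            'This account is locked for security reasons.');
    }
    return $user;
}, 30, 3);

// A successful login clears the failure counter.
add_action('wp_login', function ($user_login, $user) {
    delete_user_meta($user->ID, DEMO_FAILS_KEY);
}, 10, 2);

// Administrator-side unlock, the equivalent of unchecking the box.
function demo_unlock_account($user_id) {
    delete_user_meta($user_id, DEMO_LOCKED_KEY);
    delete_user_meta($user_id, DEMO_FAILS_KEY);
}
```

Because a lock like this stays in place until an administrator clears it, keep a second administrator account available so that a locked administrator can still be unlocked.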
Download User Locker Plugin