By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
We have set up an integration with the plugin Limit Login Attempts. This will allow you to configure your site to block an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
For more on the plugin, click here
Follow the steps below to activate the plugin:
- Download, install and activate the Limit Login Attempts plugin.
- From the MemberMouse menu go to General Settings, and then click on the Other Settings tab.
- Scroll down to the Limit Login Attempts section.
- Once the plugin is successfully activated, you will see the message below