Protecting your website from all forms of attack is vital and should be a consideration for website developers and owners alike. It is one thing for a developer to perform their due diligence and set up protection against known types of attack, and having a backup is another; however, it is still up to the website owner to carry out and maintain their own means of securing the website and, in particular, its administration area.
There are a number of ways to protect your WordPress admin, ranging from only allowing access from a particular IP address to relocating the admin folder into a directory other than wp-admin.
A plugin I have been using for some time now, and install on every client's WordPress site, is Login LockDown by Michael VanDeMar. This plugin essentially limits the number of login attempts from an IP range over a set period of time.
How does it work?
Login LockDown records the IP address and timestamp of every failed WordPress admin login attempt. If more than a specified number of attempts are detected within a particular period of time from the same IP range, the login function is disabled for all requests from that IP address range.
You can also lock out attempts to log in with invalid usernames, and mask login errors. On the plugin settings page, you will see a list of all the IP addresses that are currently locked out, which can be released with one click. This is a quick and easy way of monitoring and protecting your admin from unauthorised login attempts.
Login LockDown is free and only takes seconds to activate and set up, which makes it somewhat of a no-brainer.
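The lockout logic described above can be modelled in a few lines. This is an added Python sketch, not the plugin's own PHP code; the class and method names, the /24 and /64 range sizes, and the default thresholds are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLockout:
    """Range-based login throttle (hypothetical names, assumed defaults)."""

    def __init__(self, max_failures=3, window=300, lockout=3600,
                 v4_prefix=24, v6_prefix=64):
        self.max_failures = max_failures      # failures tolerated per window
        self.window = window                  # seconds failures stay counted
        self.lockout = lockout                # seconds a range stays blocked
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.failures = defaultdict(deque)    # range -> failure timestamps
        self.locked_until = {}                # range -> unlock timestamp

    def range_of(self, ip):
        # Collapse an address to its enclosing network, e.g. x.y.z.0/24.
        addr = ipaddress.ip_address(ip)
        prefix = self.prefix[addr.version]
        return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

    def is_locked(self, ip, now):
        key = self.range_of(ip)
        until = self.locked_until.get(key)
        if until is not None and now >= until:
            del self.locked_until[key]        # lockout has expired
            return False
        return until is not None

    def record_failure(self, ip, now):
        # Log the failed attempt, drop entries older than the window, and
        # lock the whole range once the count exceeds the threshold.
        key = self.range_of(ip)
        attempts = self.failures[key]
        attempts.append(now)
        while attempts and attempts[0] <= now - self.window:
            attempts.popleft()
        if len(attempts) > self.max_failures:
            self.locked_until[key] = now + self.lockout
            attempts.clear()
        return self.is_locked(ip, now)

    def locked_ranges(self, now):
        # What a settings page would list as currently locked out.
        return sorted(k for k, t in self.locked_until.items() if t > now)

    def release(self, ip_range):
        # Manual "release" of a locked range; True if it was locked.
        return self.locked_until.pop(ip_range, None) is not None
```

Because failures are counted per range rather than per address, attempts spread across neighbouring addresses still trip the lockout, at the cost of also blocking legitimate users who share that range.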
So head on over to WordPress.org and start using Login LockDown now. You won’t regret it!