THE Loginizer is a WordPress plugin that limits automated attempts to guess user passwords (called “brute force” attacks), blocking the access IP for a period of time. It is a very useful and also free plugin, with extra features in the “premium” (paid) version. In this article we will install the basic version.
It is possible that you have already enabled Loginizer when installing WordPress through the Softaculous Script Installer. If not, follow the steps below.
Step 1: access your WordPress administration.
Step 2: place your mouse pointer over "Plugins" in the side menu. A submenu will appear, click on the “Add new” option.
Step 3: in the search field, type “loginizer”. The “Loginizer” plugin will appear. Click "Install Now".
Step 4: after installation, click “Activate”.
Step 5: place the mouse pointer over the “Loginizer Security” option in the side menu. Click on the "Brute Force" option in the submenu.
The screen that appears has a section that lists failed WordPress access attempts (incorrect password). After 3 unsuccessful access attempts, the user's IP is blocked. The “Remove From Logs”Deletes the selected entries from the list. “Clear All Logs”Deletes all entries.
In the next section you can change some variables, such as “Max Retries“, Which is the maximum number of access attempts with an incorrect password that a given IP can perform before being blocked. The default value is 3. “Lockout Time”Is the IP blocking time. “Max Lockouts”Indicates how many blocks an IP can suffer before being blocked for a longer period, determined in“Extend Lockout”(24 hours is the default). After the value of “Reset Retries“In hours, the number of attempts for an IP is zeroed.
The field "Email Notification”Determines the number of password errors after which you will receive an email warning (leave at 0 to not receive these alerts).
In the “IP Blacklist”You can block an IP range from accessing WordPress administration. Enter the initial and final IP and click on “Add Blacklist IP Range”. The range will appear in the list below. Click in "Delete”To remove the lock if you want.
In "IP Whitelist”The procedure is similar, only to release access to a range of IPs, without counting incorrect access attempts (no blocking).