As part of my investigation into securing WordPress sites from brute-force and vulnerability attacks, I’d like to highlight the WordPress plugin Limit Login Attempts.
With my ongoing experience with commercial WordPress sites, I’m greatly concerned about the aftermath of one of my sites being hacked, most commonly through brute-force or vulnerability-focused attacks.
While keeping sites up to date with the latest public version helps with closing exploits, stopping login-based attacks has long been a weakness without a fix. Limit Login Attempts addresses this by monitoring the IP addresses of machines attempting to log in and, when the limit has been reached, imposing a ban upon that IP address. This won’t make a dent in stopping botnets, but it slows script kiddies to a crawl.
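To make the per-IP behaviour concrete, here is an added sketch of that kind of limiter (not the plugin's own code) replayed over constructed failed-login traffic. The class, the function names and the retry, lockout and window values are all assumptions chosen for illustration.

```python
from collections import defaultdict

MAX_RETRIES = 4             # assumed: failed logins allowed per IP before a ban
LOCKOUT_SECONDS = 20 * 60   # assumed ban length
WINDOW_SECONDS = 12 * 3600  # assumed: failures older than this are forgotten

class LoginLimiter:
    """Hypothetical per-IP limiter modelled on the behaviour described above."""
    def __init__(self):
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.banned_until = {}             # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Record a failed login; return True if this failure triggers a ban."""
        recent = [t for t in self.failures[ip] if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_RETRIES:
            self.banned_until[ip] = now + LOCKOUT_SECONDS
            self.failures[ip] = []
            return True
        return False

def replay(events):
    """events: (timestamp, ip) failed logins in time order.
    Returns (attempts that reached the password check, IPs that were banned)."""
    limiter, checked, banned = LoginLimiter(), 0, set()
    for now, ip in events:
        if limiter.is_banned(ip, now):
            continue  # rejected before any password comparison happens
        checked += 1
        if limiter.record_failure(ip, now):
            banned.add(ip)
    return checked, banned

# Constructed sample traffic (documentation-range addresses), one attempt per second.
single_source = [(t, "203.0.113.7") for t in range(200)]
# Same volume spread over 100 addresses: each one stays below MAX_RETRIES.
distributed = [(t, f"198.51.100.{t % 100}") for t in range(200)]

if __name__ == "__main__":
    print("single source:", replay(single_source))
    print("distributed:  ", replay(distributed))
```

The single address is cut off after four attempts, while the spread-out traffic never trips a ban, so a per-IP limit is best paired with monitoring of total failed logins per account.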