There is a hacker technique called bruteforcing, that involves constant attempts to login at your website by constantly trying new passwords until one fits. But in WordPress you can fight it by limiting the number of authorization attempts per user. There are many plugins that provide this feature, but Loginizer is considered the best.
- Go to your WordPress Dashboard.
- Click Plugins in the left sidebar.
- Click Add New.
- Enter Loginizer in the search field in the upper right.
- Find this plugin. Click Install Now.
- Click Activate.
As of right now, Loginizer is active. By default, each user gets a maximum of three login retries. If they fail to login, they get hit with 15 minutes of lockout time. After five lockouts, the lockout time gets extended to 24 hours. The lockout counter resets every 24 hours too.
If you want to change those settings:
- Click the new Loginizer Security setting in the sidebar.
- Click Brute force.
- Setup the settings however you see fit and click Save settings.