More login safeguards
While Chapter 5, Login Lock-Down concentrated on securing administrative access, there are a couple of additional safeguards that we can establish for regular user access too.
Limit Login Attempts
Johan Eenfeldt's plugin is a must-have, both for subscription sites and for non-subscription sites where, for whatever reason, you do not protect your wp-admin area using Apache's access or authorization modules:
Limit Login Attempts – http://wordpress.org/extend/plugins/limit-login-attempts
It does just what it says on the tin, limiting the number of times someone can attempt to log in before locking them out temporarily. Put another way: it prevents brute forcing.
Scuttle log-in errors
Another info leak problem: you've probably tried logging in sometime and seen this:
Reading between the lines, that message on the wp-login.php page is saying Hey, you got the username right. Fancy a brute force? Well, you'd be right to think that the Limit Login Attempts plugin belittles...
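The two safeguards above, a temporary lockout after repeated failures and a login error that no longer confirms the username, can both be hooked into WordPress from a small must-use plugin. The following is an added illustration written for this section; it is not the code of the Limit Login Attempts plugin and it is not from the book. The threshold, window length, function names and the `ls_` prefix are assumptions chosen here; the hooks (`wp_login_failed`, `authenticate`, `wp_login`, `login_errors`) and the transient API are standard WordPress.

```php
<?php
/*
Plugin Name: Login safeguards (added example)
Description: Illustrative mu-plugin: temporary lockout after repeated failures
             plus a generic login error message. Not the Limit Login Attempts
             plugin's own code; values below are assumptions for the example.
*/

// Assumed policy: five failures within fifteen minutes locks the client out
// for the rest of that window. MINUTE_IN_SECONDS is a WordPress constant.
const LS_MAX_ATTEMPTS = 5;
const LS_WINDOW       = 15 * MINUTE_IN_SECONDS;

// Key the failure counter on the client address. REMOTE_ADDR is the safe
// default; behind a reverse proxy you would substitute a header you trust.
function ls_client_key() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ls_fail_' . md5($ip);
}

// WordPress fires wp_login_failed after every rejected attempt; bump the
// counter and (re)start the window each time.
add_action('wp_login_failed', function ($username) {
    $key   = ls_client_key();
    $count = (int) get_transient($key);
    set_transient($key, $count + 1, LS_WINDOW);
});

// Refuse to authenticate a locked-out client. Priority 30 runs after the core
// username/password check (priority 20), so the lockout error wins even when
// the submitted password happens to be correct.
add_filter('authenticate', function ($user, $username, $password) {
    if ((int) get_transient(ls_client_key()) >= LS_MAX_ATTEMPTS) {
        return new WP_Error(
            'ls_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3);

// A successful login clears the counter for that client.
add_action('wp_login', function () {
    delete_transient(ls_client_key());
});

// Scuttle the informative errors ("Invalid username", "The password you
// entered for the username X is incorrect") with one message that does not
// reveal which half of the credential pair was right.
add_filter('login_errors', function ($error) {
    return 'Login failed. Please check your username and password.';
});
```

Drop the file into `wp-content/mu-plugins/` and it loads without activation. The lockout is keyed per source address, so it slows a single brute-forcing client but not a distributed one, and it cannot distinguish two visitors sharing one NAT address; the `login_errors` filter is what removes the username-confirmation leak regardless of how many attempts remain.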