The WordPress admin is fairly vulnerable to hackers. Hackers know where the admin is; they know the username for the admin is usually “admin”, so that only leaves one problem – the password. For a hacker, that’s not a really big problem. Just run a brute force attack and in a matter of time, there’s a good chance of figuring out the password and logging in. What comes next? Anything the hacker wants, including destroying the blog you’ve worked so hard on.

A good friend of mine just finished creating a WordPress plugin called Login LockDown that aims to make that task much, much more difficult for a hacker. The plugin records makes a record of the IP address every time someone attempts to login to the WordPress admin. After 3 unsuccessful tries (number is configurable), the IP address is locked out from any further attempts for an hour (also configurable). You, the admin, can unblock an IP if needed.

I installed the plugin and it installed without a hitch. I then tested it, and it worked flawlessly.

I HIGHLY recommend that everyone install this WordPress security plugin to prevent any problems with hackers taking over your blog.