Someone has been trying to brute-force attack my site lately (guessing my username and password) and so I thought I’d share the plugin that is blocking them and also letting me know that it’s happening: Limit Login Attempts. After a configurable number of log in failures, the plugin blocks the IP from attempting to log in for a configurable amount of time. Super handy. 
Plugin hasn’t been updated in a long time (2 1/2 years), and some forum reports that it doesn’t work right anymore… but it sounds useful!
Works fine here.
This plugin was last updated 25th August 2011, I think you’re confusing it with Login Lockdown which hasn’t been updated since 2009.
Indeed, that’s what happened.
thanks!
You could do achieve the same thing by editing your .htaccess file. I’m guessing this plugin does this anyways so it won’t make a difference how it does it.
Also, it hasn’t been updated for 172 days which I’m pretty sure is less than 2 1/2 years.
Do you still use the Bad Behavior plugin? I wish Limit Login Attempts had an automatic way to permanently ban persistent IP’s.
Nope, I gave up on Bad Behavior a long, long time ago. Too many false positives and Akismet has come a long way. It catches 99.9% of my spam.
Yes, Akismet is getting better and better at catching spam.
What about protecting your site from other sorts of malicious attacks? Do you recommend any other firewall-type plugins?
Nope, I just make sure to run the latest version of WordPress. That’s plenty.
This pluginis great, I use it on all my blogs.