How to Block Bots From Accessing Your WordPress Login Form

April 14, 2023 by Muhamed Delihasanovic

WP Login Lockdown is a WordPress plugin that adds an extra layer of security to your website’s login page. It employs a variety of approaches to safeguard your website against brute-force assaults, which are attempts by hackers to guess your login credentials by attempting repeated username and password combinations.

This article describes how to use the login form protection function of the plugin, which limits the number of login attempts from a single IP address within a set period. This function aids in the prevention of automated login attempts by bots and other dangerous software.



WP Login Lockdown login form protection basic

The first step is installing and activating the WP Login Lockdown plugin on your WordPress website. Once activated, you can visit the plugin’s settings page by clicking on “WP Login Lockdown” in the WordPress dashboard’s “Settings” menu.

There are several choices for configuring the plugin’s functionalities on the settings page. Go down to the “Login Form Protection” section and tick the box next to “Enable Login Form Protection” to enable the login form protection function.

Below this choice are two boxes where you can specify the maximum number of login attempts permitted and the period during which these attempts may be made. The default parameters are 5 attempts in 5 minutes, however, these can be changed to suit your needs. Once you’ve customized the settings to your liking, click the “Save Changes” button at the bottom of the page to save your changes.


Blocking Bots

WP Login Lockdown login form protection advanced

In addition to limiting the number of login attempts, under the Advanced settings tab, you can find a toggle switch to Block Bots. By simply turning this toggle on, you will prevent any bots from accessing your login page and attempting any kind of brute-force attack.

Aside from the mentioned option, there is also a toggle to Add Honeypot for Bots. This toggle will add a hidden field to your login form that is only visible to bots and not normal users. If a bot tries to fill out your form, it will also fill out the said field which will result in an immediate block. This feature does not require any additional steps or any changes in how people log in, just simply turn it on.


Additional Security Options

WP Login Lockdown login form protection tools

In addition to login form protection, WP Login Lockdown has additional security capabilities that can aid in the detection of bots and other dangerous malware. For example, the plugin allows you to ban IP addresses and countries, which can be handy if you detect that bots from a specific place are targeting your website.

You can also alter the login page URL, which can assist prevent bots from discovering and accessing your login page. You can make it harder for bots to find and access your login page by altering the URL to something more difficult to guess, such as

The plugin also keeps a log of unsuccessful login attempts, which you can check by going to the plugin’s settings page and clicking on the “Failed Login Attempts” tab. This log shows the user’s IP address, the username or email address used in the login attempt, as well as the date and time of the attempt.

Some useful tools include a Recovery URL that will help you access your site in case you are locked out for any reason, import and export options for your settings and Data Wipe which will remove all options, rules, and log tables once the plugin is deleted.



In conclusion, WP Login Lockdown has various features that can assist in preventing bots and other dangerous software from accessing your website’s login page. You may add an extra layer of security to your website and safeguard it from unauthorized access by enabling its login form protection function, restricting IP addresses and countries, modifying the login page URL, and reviewing the unsuccessful login attempts log.

While WP Login Lockdown can assist against brute-force assaults, it is not a replacement for strong passwords and other security precautions. To keep your website secure, it is always a good idea to use strong, unique passwords that are routinely updated. Also, keeping your WordPress installation and plugins up to date is critical for website security.

Leave a Reply

Your email address will not be published. Required fields are marked *