Most organizations block unauthorized access to their networks, servers, and other IT resources. The Limit Login Attempts (LLA) plug-in for the Linux operating system prevents users from setting up multiple accounts on a single computer or on many computers on a network. It is primarily used to limit the number of times a single IP address can log on to a website. However, LLA can also be used to block brute-force password attempts on other accounts.
Limit the number of sign-in attempts
Each organization has different requirements when it comes to restricting sign-in attempts. For example, most require users to be able to perform only five failed sign-in attempts per day. In addition, administrators can limit the number of failed login attempts by IP address or by account. They can also decide whether to allow the creation of user accounts from multiple IP addresses at once or not. The second option prevents certain users from creating many accounts at the same time.
How it works
LLA works by monitoring keyboard activity on the system and preventing further logins when there are five consecutive failed attempts. It can be configured to block all logins from a specific IP address or from specific accounts. In addition, service providers can restrict login attempts from certain devices by using the MAC address or by creating a list of allowed IP addresses that they are allowed to perform login attempts.
Against misuse of user accounts
Organizations use logon attempt limits to secure their networks from unauthorized access to user accounts. There are many ways to set and implement these limits, so users are only allowed five failed logins per day. In some cases, these limits help prevent expensive data corruption or data loss caused by automatic password guessing programs.
The plugin with this feature, which I write about in this short article, is available for download in the web administration of your WordPress website. You can find it in the »Plugins« and »Plugin Installation« category under the name »Limit Login Attempts«. Just download it to your administration and set it up as you wish.