Hy Friends, Is post me ham aapko batane ja rahe hai ki Without Plugin Limit Login Attempts set karke WordPress blog ko Brute force attack se kaise bachaya ja sakta hai, Jabki maine apni pichhli post me aapko bataya tha ki Godaddy Managed WordPress Hosting par website ya blog kaise banaya jata hai. Jaisa ki ham sab jante hai ki WordPress blog to banana bahut hi easy work hai lekin use secure karna utna hi big task hota hai. Kuchh logo ko sayad is bare me maloom nahi hoga ki per day bahut sare blogs aur websites hackers dwara hack karke barbad kar diye jate hai. Iska main part jo hai vo brute force attacks se juda rahta hai. Me is time apne is blog par kuchh aisi hi situation se cross ho raha hu, Jo mere liye bahut painful time hai.
Me is samay in 24 hours me minimum 20 times brute force attacks ko face kar raha hu, Jisse meri site kabhi kabhi slow bhi ho jati hai. Lekin jaisa ki samay ke sath sab kuchh badal jata hai to me bhi usi koshish me laga hu aur apni is site ko highly secure karne me thoda time spend kar raha hu. Khair chhodiye in bato ko aur sidhe point par aate hai.
Read Also: WordPress Site me Comment Policy Message add kare
Limit Login Attempts kya hota hai ?
Ye Wp login se related hota hai jisme ham apne WordPress Dashboard ko login karne ke liye login attempts set kar sakte hai. I mean jab koi user Dashboard ko login karne me kitni bar galti karke login kar sakta hai. Default me wordpress me iski koi settings nahi hoti hai. Ise ham kuchh special code ko apni site me add karne ke baad login attempts set kar sakte hai. Matlab aap chahe to wp login attempts ko 1, 2, 3 ya isse jyada bar ke liye bhi set kar sakte hai. Yadi ise sidhe sabdo me kahu to aap Wp admin login karne ke liye Attempts ki limit set kar sakte hai.
WordPress Blog me Limit Login Attempts kyo set kare ?
Jaisa ki me aapko upar bata chuka hu ki ye WordPress blog ko more secure banata hai, aur jo hackers brute force attacks ke dwara wp site ko hack karne ki koshish karte hai, Ye unhe rokne me kamyab rahta hai. Lekin iske liye aapko minimum login attempts set karna hoga jaise 1 ya 2 only.
For Example, Yadi koi hacker aapki site par attack karta hai to vo sabse pahle aapke user aur password ko crack karne ki puri koshish karta hai. Lekin use iske liye brute force attack karna hota hai jisse vo aapke credential ko achieve kar sake. Aur iske liye use bar-bar kuchh tools ki madad se login karna padta hai. Jisse vo ek bar login karne me vo aapke user password ka ek character prapt kar lete hai. Aur isi tarah vo many times failed login karke aapke all credential ko prapt kar lete hai aur vo aapki site ko login karke kuchh bhi kar sakte hai.
Read Also: Professional Blogger WordPress blog me Widget Logic kyo use karte hai
Isliye hackers ki is method ko prevent karne ke liye hame Limit Login Attempts me only 1 ya jyada se jyada 2 rakhna chahiye. Isse vo sirf ek ya 2 baar hi login attempts kar payenge. Aur isse jyada bar ye try karenge to unka ip address automatically blocked ho jayega aur vo aapke Login URL ko use nahi kar payenge, Is error ko lockdown wp admin kahte hai.
To chaliye aage badhte hai aur aapko batate hai ki limit login attempts settings wordpress blog ya website ke liye kaise karte hai.
WordPress limit login attempts settings kaise kare ?
Vaise to iske liye bahut sare plugins available hai lekin jab ham wordpress limit login attempts without plugin set kar sakte hai to mujhe nahi lagta ki isse achha idea other koi hoga. Yadi aap achhe to apne blog me iski settings ko karne ke liye is Video Tutorial ko watch kar sakte hai –
Yadi aap Video guide ko follow nahi karna chahte hai to chaliye niche diye gaye steps ko carefully follow kijiye –
Step – 1
Sabse pahle apna WordPress Dashboard open kijiye.
- Appearance par jaye.
- Editor par click kijiye.
Step – 2
Ab aapke samne code edit karne wala page khulega jisme aapke blog ki bahut sari files dikhengi jaise header.php, single.php etc. In par click karke inke code ko open karke aap edit kar sakte hai. Lekin limit login attempts wordpress me set karne ke liye only function.php ka upyog kiya jayega.
- Right side me Function.php file par click kijiye.
- Proceed par click kar de.
Step – 3
/**
* CLASS LIMIT LOGIN ATTEMPTS
* Prevent Mass WordPress Login Attacks by setting locking the system when login fail.
* To be added in functions.php or as an external file.
*/
if ( ! class_exists( 'Limit_Login_Attempts' ) ) {
class Limit_Login_Attempts {
var $failed_login_limit = 3; //Number of authentication accepted
var $lockout_duration = 1800; //Stop authentication process for 30 minutes: 60*30 = 1800
var $transient_name = 'attempted_login'; //Transient used
public function __construct() {
add_filter( 'authenticate', array( $this, 'check_attempted_login' ), 30, 3 );
add_action( 'wp_login_failed', array( $this, 'login_failed' ), 10, 1 );
}
/**
* Lock login attempts of failed login limit is reached
*/
public function check_attempted_login( $user, $username, $password ) {
if ( get_transient( $this->transient_name ) ) {
$datas = get_transient( $this->transient_name );
if ( $datas['tried'] >= $this->failed_login_limit ) {
$until = get_option( '_transient_timeout_' . $this->transient_name );
$time = $this->when( $until );
//Display error message to the user when limit is reached
return new WP_Error( 'too_many_tried', sprintf( __( '<strong>ERROR</strong>: You have reached authentication limit, you will be able to try again in %1$s.' ) , $time ) );
}
}
return $user;
}
/**
* Add transient
*/
public function login_failed( $username ) {
if ( get_transient( $this->transient_name ) ) {
$datas = get_transient( $this->transient_name );
$datas['tried']++;
if ( $datas['tried'] <= $this->failed_login_limit )
set_transient( $this->transient_name, $datas , $this->lockout_duration );
} else {
$datas = array(
'tried' => 1
);
set_transient( $this->transient_name, $datas , $this->lockout_duration );
}
}
/**
* Return difference between 2 given dates
* @param int $time Date as Unix timestamp
* @return string Return string
*/
private function when( $time ) {
if ( ! $time )
return;
$right_now = time();
$diff = abs( $right_now - $time );
$second = 1;
$minute = $second * 60;
$hour = $minute * 60;
$day = $hour * 24;
if ( $diff < $minute )
return floor( $diff / $second ) . ' secondes';
if ( $diff < $minute * 2 )
return "about 1 minute ago";
if ( $diff < $hour )
return floor( $diff / $minute ) . ' minutes';
if ( $diff < $hour * 2 )
return 'about 1 hour';
return floor( $diff / $hour ) . ' hours';
}
}
}
//Enable it:
new Limit_Login_Attempts();
- Ab aapke samne aapke blog ki function file ka all code open ho jayega. Isme sabse niche scroll down karte huye pahunch jaye aur ?> iske pahle upar diya gaya code paste kar de.
- Ab Update file par click kar de.
Note – Keep in mind Yadi aapne code paste karne me kahi galti kar di to aapki site down ho sakti hai, Isliye me aapko is settings ka upar diya gaya video tutorial dekhne ke liye suggest karunga.
Customization – Upar diye gaye code ke lin no. 8 me failed_login_limit = 3 ki jagah 1 ya 2 rakh sakte hai. Aur Line no. 9 me lockout_duration = 1800 ki jagah 43200 ya apne hisab se kam jyada kar sakte hai kyonki ye seconds diye gaye hai. 1800 = 30 minuts, 43200 = 12 hours. is tarah se calculate karke time set kar sakte hai ki failed login wale IP ko kitne time ke liye block karna hai. Aur “Stop authentication process for 30 minutes: 60*30 = 1800″ Isme bhi changes kar le. Aur yadi Kuchh bhi changes nahi karna hai to aap use without edit kiye bhi use kar sakte ho.
Now you have to complete all steps. Congratulation ! ab aapki site brute force attack se 100% secure rehegi.
Read Also: WordPress site me 404 Not Found Error kaise remove kare
Mujhe ummid hai ki aapko samajh me aa gaya hoga ki wordpress me limit login attempts without plugin kaise configure kar sakte hai. Yadi aapki site par bhi kisi hacker dwara brute force attack kiya ja raha hai to comments ke madhyam se hame jarur bataye ham aapki help jaldi karne ki puri Koshish karenge. Yadi aapko Ye WP security guide se related koi question hai to aap jarur hamse puchh sakte hai. Mujhe lagta hai ye tutorial aapke liye helpful raha hai, isliye ise social media par jarur share kar de jisse other Bloggers ki help ho jaye. Always Sharing is caring.
Bro मैंने कुछ समय पहले ही वर्ड प्रेस को सीखने के लिए एक टेंपरीं ब्लॉग बनाया है ओर मैंने वर्डप्रेस में बहुत कुछ सीखा है लेकिन मुझे एक बात समझ नहीं आ रही आप ने अपने ब्लॉग में बॉर्डर बॉक्स कैसे बनाया मेरे कहने का मतलब यह है कि आपिने RECENTLY UPDATED, Alexa Rank.. जैसे प्लगीग के लिए अलग-अलग बॉर्डर बॉक्स कैसें बनाया है यह कैसे किया प्लीज मुझे इसके बारे में बताइए अगर कोई कोड हो तो वह बताइएगा
Dear Rusheek ji, Yadi aapko coding aati hogi to hi aisa bana payenge. Iske liye koi ek code nahi hai 2-3 files me code edit kiye gaye hai. Isliye me aapko suggest karunga ki aap coding jarur sikh le kyonki ye hamesha aapke kaam aayegi. Keep visiting on bloglon.
bhaii mujhe ?> nhii mil rha haii nhut search kiya ab aap batye mai kya karu bhaii
Dear GAURAV TIWARI ji, Aap Video watch kijiye, aapki problem solve ho jayegi.
Hello Surendra Ji
Aapse Ek Help Chahiye Ki….Actually maine Apne blog me Ribbon Theme Install ki hai, mai aapse customization ki jaankari janna chahta hu kya aap mujhe isme help karenge , mujhe 3 cheejo ko customize krne me problem ho rahi hai, to please mujhe inka solution de….
1. Mai Apne Menu Navigation bar ki Width ko kam karna chahta hu..sidebar widgets ke barabar.
2. Home Page pe Article Box ka size large karna chahta hu thumbnail ke sath.
3. Sidebar Widgets me blocks add karna chahta hu jaisa aapne kiya hua hai…
please mujhe inhe customize krne me help kare…
maine kuchh time pehle hi WordPress migration kiya hai,…blogspot se..
Deepak Shrivastav ji, aapka blog maine check kiya hai aur maine dekha hai ki Ribbon theme me aapne kuchh wrong editing ki huyi jise me asani se customize nahi kar paunga, I mean its high time consuming work. So I’m so sorry. Keep visiting on bloglon.
दोस्त आपने पोस्ट बहुत अच्छी लिखी है बहुत काम की है लेकिन jetpacks प्लगइन भी सिक्योरिटी फीचर्स अच्छे से देता है इसकी मदद से कोई एक ip एड्रेस वर्डप्रेस dashbord में लोगिन कर सकता है दूसरा कोई भी ip एड्रेस उसमें लाख कोशिश करने के बाद भी उसमें लॉग इन नहीं कर सकता
Thanks brother aapka kahna bhi bilkul sahi hai lekin plugin features ki vajah se site loading speed bhi affected hoti hai.
bhai g wpa security ki wi fi kaise hack kre
Yaha hacking se related kuchh bhi share nahi Kiya jata, sirf blogging related problems ka solution prapt kar sakte hai.
Bahut achhi jaankari h bhai.
Mera ek sawal h, Maine ek sal pahle 1and 1 se domen liya tha. aur aaj us me login kiya tha. kuch kam tha isiliye. mera blog. http://www.helpforblogging.com ise open karta hu to. link me http://www.helpforblogging.com/defaultsite aisa aata h. aur jab page khulta h to us me page not found aisa aa raha h. kya yah domen mistake h. ya blog mistake h. mera blog WordPress pr h
Aapka domain expire ho gaya hai aapko renew karna chahiye tha.
Hi,
I used your method but today I see it’s show error without any failed attempt and I can’t log in
“ERROR: You have reached authentication limit, you will be able to try again in 3 hours.”
Bina failed attempt ke login block nahi hota, ab aapka ip block ho gaya isliye cpanel login karke function file se limit login code remove Kar dijiye uske baad aap login ho jaoge.