One weak point of [tag]WordPress[/tag] is the lack of security for the login. Ok, there is not much to steal in a blog. However, hackers have made a mess of popular blogs on several occassions. Owen Winkler posted an unreleased plugin to limit login attempts to 3 tries before impossing a 10 minute wait. It even emails the blog owner to let them know of the attempts. Also, it blocks brute force password cracks.
Unfortunately, Owen had a server crash recently and is working to restore full functionality to his site (RedAlt). I am sure that problem has slowed down his work on plugins. Others ‘in the know’ have looked at the plugin and say that it’s a nice, clean piece of code. I have it running on 4 blogs already.
You can find the code on this page. To save time, you can download the plugin here. Right-click choose ‘Save Target As’ then re-name amor.txt to armor.php.
As usual, upload the file to your plugins folder. CHMOD it to 777. Then, go to your plugins page and activate it. That’s all! If you have any problems with the plugin, just use your FTP client to delete (or re-label) the plugin file.
Update (August 2007): This plugin will not work with WordPress 2.1+. Unfortunately, it not supported by the author and it’s beyond my skill level to update it. There is new plugin just out called Login LockDown that will work on more recent versions of WordPress. You can use that one instead.