Which WP plugin would you recommend me to limit the login attempts to e.g. just 5? Also, wouldn't the use of such plugin slow down the loading time of my website?
#1 - Don't use the 'admin' username #2- Good Passwords #3- You can use the Enforce Strong Password plugin to force users to set strong passwords. Things to avoid when choosing a password: A word from a dictionary, in any language. A short password. Any numeric-only or alphabetic-only password (a mixture of both is best). Password Protect wp-login.php Password protecting your wp-login.php file (and wp-admin folder) can add an extra layer to your server. Because password protecting wp-admin can break any plugin that uses ajax on the front end, it's usually sufficient to just protect wp-login. To do this, you will need to create a .htpasswds file. Many hosts have tools to do this for you, but if you have to do it manually, you can use this htpasswd generator. Much like your .htaccess file (which is a file that is only an extension), .htpasswd will also have no prefix. You can either put this file outside of your public web folder (i.e. not in /public_html/ or /domain.com/, depending on your host), or you can put it in the same folder, but you'll want to do some extra security work in your .htaccess file if you do. Speaking of, once you've uploaded the .htpasswd file, you need to tell .htaccess where it's at. Assuming you've put .htpasswd in your user's home directory and your htpasswd username is mysecretuser, then you put this in your .htaccess: put in htaccess # Stop Apache from serving .ht* files <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> # Protect wp-login <Files wp-login.php> AuthUserFile ~/.htpasswd AuthName “Private access” AuthType Basic require user mysecretuser </Files> PHP: Plugins you can use - BruteProtect Limit Login Attempts Lockdown WP Admin WP Fail2Ban Admin Renamed Extended Enforce Strong Password Wordfence Security 3WP Activity Monitor All in one WP Security the strongest and the weakest point of any security is YOU, each and every time. http://codex.wordpress.org/Brute_Force_Attacks and to answer your qestion, ALL the plugins will have some overhead except for the htaccess method.