Security for Admin login? Lock after set number of tries

Hello, is there any way I can add an extra layer of security for the admin login page in such a way that the admin login is locked after a set number of tries?

Thank you very much! peace.

The Login plugin provides flood protection (, but only for the frontend, Admin does not yet have such checks.

You can (and should) limit access to Admin using HTTP authentication, or IP range limit, with webserver-specific ways (.htaccess / .htpasswd for Apache).

You can even keep Admin in the local / staging site only, that’s one of my favorites. I put it in my .gitignore, and only sync the pages and configuration to the live site.

And, you should also change the default /admin route to something unique, via the Admin plugin settings.