Security is very important for any website. Hackers are out there, and church websites seem like easy pickings because most churches don’t worry about security features. One of the ways hackers work is to create programs that try and guess usernames and passwords until they get it.
Login LockDown prevents this! I would highly recommend that you install it on your WordPress site. It records the IP address and timestamp of every failed login attempt. You can set up a certain number of failed login attempts that you will allow over a certain period of time. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
The the plugin defaults a 1 hour lockout of an IP block after 3 failed login attempts within 5 minutes. As I said, this can be modified via the Options panel. Also, if there is a legitimate failed attempt, administrators can release locked-out IP ranges manually from the panel.