When I arrived at the WordPress page to login and write a post, I was greeted by the notice that I had failed too many login attempts and would have to wait to try again.
This was odd, since I had just arrived on the page and not tried even once. If zero attempts is too many, I can see this becoming a problem pretty quickly.
I wonder how back-end programmers select the amount of time the lockout will last. Is there a standard wait period that is sufficient to discourage hackers from randomly guessing, but not so long to completely disturb production by the account owner?
