Limit Login Attempts

Limit Login Attempts

#7 – Limit Login Attempts – Return to /best-wordpress-plugins

Limit Login AttemptsLimit Login Attempts

If hackers do find your login page, you can keep them out buy limiting the number of login attempts they have. Install the ‘Limit Login Attempts’ plugin. Set it up to lock users out for as long as you want and after as many failed login attempts as you think appropriate. This is really important for WordPress security and well worth the relatively short time it takes to set up. Download the plugin here –

Limit the number of login attempts possible both through normal login as well as using auth cookies.

By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.


  • Limit the number of retry attempts when logging in (for each IP). Fully customizable
  • Limit the number of attempts to log in using auth cookies in the same way
  • Informs user about remaining retries or lockout time on the login page
  • Optional logging, optional email notification
  • Handles server behind a reverse proxy
  • It is possible to whitelist IPs using a filter. But you probably shouldn’t. 🙂

Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish

The plugin uses standard actions and filters only. Speak to your web design company to make sure they’re being thorough.