Limit Login Attempts (Spam Protection)
By wp-buy
Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.
+3
Overview
Compatibility
Installation instructions
Customer support & learning resources
Changelog
Main benefits
Limit retry attempts
Configurable lockout timings
Email notifications
IP Whitelist/Blocklist
Country-based blocking
About this plugin
Author: wp-buy
Categories: Security
Version: 5.3
Last updated: 07-02-2024
WordPress version: 4.6
Tested up to: 6.4.5
PHP version required: 5.4
Languages:
Tags:
Learning resources: View resources
Overview
The Limit Login Attempts plugin for WordPress is designed to enhance site security by restricting the number of login attempts both through the standard login page and via authentication cookies. This critical functionality helps to combat brute-force attacks by blocking an Internet address after a specified number of unsuccessful attempts, making it significantly harder for attackers to crack passwords. Key features include configurable lockout timings, detailed email notifications to administrators, the ability to whitelist or block specific IPs or countries, and comprehensive reporting on blocked attempts. Additionally, users are kept informed about remaining login tries or lockout durations directly on the login page. The plugin is fully compatible with Google captcha, Woocommerce, Wordfence, and Sucuri, and adheres to GDPR compliance. Advanced features offered in the PRO version include saving partially guessed passwords, an in-depth security dashboard, and a mobile application for administrators to monitor site security on the go.
Enhanced Security
- Limit the number of retry attempts when logging in.
- Automatically block IP addresses that exceed limit login attempts.
- Whitelist/Blocklist of IPs and support for IP ranges.
- Allow/Block Countries.
User Notifications
- Email notification of blocked attempts.
- Notify the user of remaining attempts.
- Inform the user about the remaining retries or lockout time on the login page.
Comprehensive Reporting
- Report containing all blocked attempts.
- Optional logging and optional email notification.
- Advanced dashboard with charts for the most important reports (PRO).
Compatibility and Compliance
- Compatible with Google captcha, Captcha Plus & reCaptcha.
- Woocommerce login page protection.
- Wordfence & Sucuri compatibility.
- GDPR compliant.
Rating and reviews
thecelticcroft
13 Aug, 2022
I contacted my server host for help because this plugin keeps telling me that my site is under possible brute-force attack.
I change lockout settings to lockout for 4 days following a failed attempt, but this plugin’s log was still apparently filling up with failed attempts and lockouts for the same couple of accounts that shouldn’t have been possible if it was doing it’s job.
So I provided a list of IP addresses to my server host, and they checked logs at the server level and said there was no sign that any of those IP addresses had attempted to log into the site.
I uninstalled the plugin.
This topic was modified 2 years, 5 months ago by thecelticcroft.
This topic was modified 2 years, 5 months ago by thecelticcroft.
thecelticcroft
13 Aug, 2022
I contacted my server host for help because this plugin keeps telling me that my site is under possible brute-force attack.
I change lockout settings to lockout for 4 days following a failed attempt, but this plugin’s log was still apparently filling up with failed attempts and lockouts for the same couple of accounts that shouldn’t have been possible if it was doing it’s job.
So I provided a list of IP addresses to my server host, and they checked logs at the server level and said there was no sign that any of those IP addresses had attempted to log into the site.
I uninstalled the plugin.
This topic was modified 1 year, 11 months ago by thecelticcroft.
This topic was modified 1 year, 11 months ago by thecelticcroft.
rickgravelin
18 May, 2021
With this tool I realize that after two weeks of being live our site has had world renown popularity. Every Continet, evey country and sovergnty has recognized us, yet only 6 out of 171 of our council members have signed on to use our site. Thank you for showing me this.
bonaventuradibello
07 Dec, 2020
A good solution if you don’t use heavier plugins like WordFence or Ithemes Security.
ahmednabubaker
12 Nov, 2020
Really a helpful plugin. Support is very active too.
This topic was modified 3 years, 9 months ago by ahmednabubaker.
