Title: Limit Login Attempts (Spam Protection)
Author: wp-buy
Published: <strong>February 20, 2020</strong>
Last modified: June 15, 2025

---

Search plugins

![](https://ps.w.org/wp-limit-failed-login-attempts/assets/banner-772x250.png?rev
=3180531)

![](https://ps.w.org/wp-limit-failed-login-attempts/assets/icon-256x256.png?rev=
2247358)

# Limit Login Attempts (Spam Protection)

 By [wp-buy](https://profiles.wordpress.org/wp-buy/)

[Download](https://downloads.wordpress.org/plugin/wp-limit-failed-login-attempts.5.6.zip)

 * [Details](https://test.wordpress.org/plugins/wp-limit-failed-login-attempts/#description)
 * [Reviews](https://test.wordpress.org/plugins/wp-limit-failed-login-attempts/#reviews)
 *  [Installation](https://test.wordpress.org/plugins/wp-limit-failed-login-attempts/#installation)
 * [Development](https://test.wordpress.org/plugins/wp-limit-failed-login-attempts/#developers)

 [Support](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/)

## Description

Limit the number of login attempts possible both through normal login as well as
using auth cookies.

By default WordPress allows unlimited login attempts either through the login page
or by sending special cookies. This allows passwords (or hashes) to be brute-force
cracked with relative ease.

Limit Login Attempts blocks an Internet address from making further attempts after
a specified limit on retries is reached, making a brute-force attack difficult or
impossible.

### Basic Features

 * Limit the number of retry attempts when logging in.
 * Configurable lockout timings.
 * Email notification of blocked attempts (Detailed email containing all necessary
   information).
 * Notify the user of remaining attempts.
 * Report containing all blocked attempts.
 * Whitelist/Blocklist of IPs (Support IP ranges).
 * Allow/Block Countries.
 * Automatically block IP addresses that exceed limit login attempts
 * Automatically add IP addresses that exceed blocks limit to the deny list
 * Send notifications about blocked retry (Email sent to admins)
 * Inform the user about the remaining retries or lockout time on the login page.
 * Unlock The Locked users – Easily unlock the locked admin through the email or
   dashboard.
 * Limit the number of retry attempts when logging in per IP.
 * Limit the number of attempts to log in using cookies.
 * Optional logging and optional email notification.
 * Compatible with Google captcha, Captcha Plus & reCaptcha.
 * Dashboard gives you an overview of your site’s security.
 * Enable or disable the plugin functionality
 * Enable to disable email notifications
 * Compatible with latest WordPress version
 * Woocommerce login page protection.
 * Wordfence & Sucuri compatibility.
 * GDPR compliant.

### Advanced Features (PRO)

 * All Basic features included.
 * Save the password that was used by the hacker (Save part of the password and 
   hide the last three digits).
 * Advanced dashboard gives you an overview of your site’s security (Charts for 
   the most important reports).
 * Block attackers by IP, Country, IP range.
 * Mobile Application for the admins to follow up the site security ([Download APK](https://www.wp-buy.com/wp-content/uploads/apps/login-attempts-app.apk)).

### Video Description

### Plugin Settings and Reports

## Screenshots

[⌊screenshot 1⌉⌊screenshot 1⌉[

screenshot 1

[⌊screenshot 2⌉⌊screenshot 2⌉[

screenshot 2

[⌊screenshot 3⌉⌊screenshot 3⌉[

screenshot 3

[⌊screenshot 4⌉⌊screenshot 4⌉[

screenshot 4

[⌊screenshot 5⌉⌊screenshot 5⌉[

screenshot 5

[⌊screenshot 6⌉⌊screenshot 6⌉[

screenshot 6

[⌊screenshot 7⌉⌊screenshot 7⌉[

screenshot 7

## Installation

The plugin is simple to install:

 1. Download the file `wp-limit-failed-login-attempts.zip`.
 2. Unzip it.
 3. Upload `wp-limit-failed-login-attempts` directory to your `/wp-content/plugins`
    directory.
 4. Go to the plugin management page and enable the plugin.
 5. Configure the options from the `Limit Failed Login` page

## Reviews

![](https://secure.gravatar.com/avatar/83e671d3e4153025fcc6e1c784f53eca11035e8ffda4015c708cafc846a20495?
s=60&d=retro&r=g)

### 󠀁[Lockout Option Apparently Not Working](https://wordpress.org/support/topic/plugin-is-creating-false-data-to-force-upgrade-to-premium/)󠁿

 [thecelticcroft](https://profiles.wordpress.org/thecelticcroft/) August 29, 2022
1 reply

I contacted my server host for help because this plugin keeps telling me that my
site is under possible brute-force attack. I change lockout settings to lockout 
for 4 days following a failed attempt, but this plugin’s log was still apparently
filling up with failed attempts and lockouts for the same couple of accounts that
shouldn’t have been possible if it was doing it’s job. So I provided a list of IP
addresses to my server host, and they checked logs at the server level and said 
there was no sign that any of those IP addresses had attempted to log into the site.
I uninstalled the plugin.

![](https://secure.gravatar.com/avatar/c15617ce8784ee30b6235918d4e6762acc8d096760f97d99575480e144cac969?
s=60&d=retro&r=g)

### 󠀁[Saving My Postie’s Bacon](https://wordpress.org/support/topic/saving-my-posties-bacon/)󠁿

 [rickgravelin](https://profiles.wordpress.org/rickgravelin/) May 18, 2021

With this tool I realize that after two weeks of being live our site has had world
renown popularity. Every Continet, evey country and sovergnty has recognized us,
yet only 6 out of 171 of our council members have signed on to use our site. Thank
you for showing me this.

![](https://secure.gravatar.com/avatar/2bda31e58ef6d0327e35bd2ab5ba37e179b1f4168f968e1d604bd6d79e9d04b8?
s=60&d=retro&r=g)

### 󠀁[Very useful and easy to use](https://wordpress.org/support/topic/very-useful-and-easy-to-use-63/)󠁿

 [bonaventuradibello](https://profiles.wordpress.org/bonaventuradibello/) December
7, 2020

A good solution if you don’t use heavier plugins like WordFence or Ithemes Security.

![](https://secure.gravatar.com/avatar/11062ae9cfef00f8d5a7f1a61954bb783a50c78dec546b1f42b8d11c0f0f7c36?
s=60&d=retro&r=g)

### 󠀁[Quick Support & Excellent Plugin](https://wordpress.org/support/topic/quick-support-excellent-plugin-3/)󠁿

 [ahmednabubaker](https://profiles.wordpress.org/ahmednabubaker/) November 12, 2020

Really a helpful plugin. Support is very active too.

![](https://secure.gravatar.com/avatar/b0afaf2268a86450e4dbac7616b5de6ddfa520804889d45491f295b8bd415dde?
s=60&d=retro&r=g)

### 󠀁[Great plugin](https://wordpress.org/support/topic/great-plugin-28553/)󠁿

 [mohmmed alagha](https://profiles.wordpress.org/mohmmedalagha/) November 11, 2020

Working fine, thank you.

![](https://secure.gravatar.com/avatar/85d9ea30f6a19c1401a12dde2c731b4337c68dca8860cb07db05fefdf3af1743?
s=60&d=retro&r=g)

### 󠀁[Did not work for me. Doesn’t lock out after x failed attempts.](https://wordpress.org/support/topic/did-not-work-for-me-doesnt-lock-out-after-x-failed-attempts/)󠁿

 [bigfly](https://profiles.wordpress.org/bigfly/) November 11, 2020 2 replies

Installed it to try dealing with brute force attacks and it successfully logs all
failed attempts but never locked them out. Yes, it was enabled and set to 3 invalid
logins. Lockout period was increased too but they kept coming. Uninstlled.

 [ Read all 7 reviews ](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/)

## Contributors & Developers

“Limit Login Attempts (Spam Protection)” is open source software. The following 
people have contributed to this plugin.

Contributors

 *   [ wp-buy ](https://profiles.wordpress.org/wp-buy/)
 *   [ mohmmed alagha ](https://profiles.wordpress.org/mohmmedalagha/)
 *   [ osama.esh ](https://profiles.wordpress.org/osamaesh/)

[Translate “Limit Login Attempts (Spam Protection)” into your language.](https://translate.wordpress.org/projects/wp-plugins/wp-limit-failed-login-attempts)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/wp-limit-failed-login-attempts/),
check out the [SVN repository](https://plugins.svn.wordpress.org/wp-limit-failed-login-attempts/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/wp-limit-failed-login-attempts/)
by [RSS](https://plugins.trac.wordpress.org/log/wp-limit-failed-login-attempts/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 5.6

Security Bug fixing – part 2

#### 5.5

Security Bug fixing

#### 5.4

Security Bug fixing

#### 5.3

Bug fixing in log report

#### 5.2

Checking with wordpress version 6.2

#### 5.1

 * Bug fixing in lockout (locked accounts) report (security issiu reported by WPScan)

#### 4.9.1

 * Bug fixing in log report (security issiu reported by WPScan) – part 3

#### 4.9

 * Bug fixing in log report (security issiu reported by WPScan) – part 2

#### 4.8

 * Bug fixing in log report (security issiu reported by WPScan)

#### 4.7

 * Bug fixing in dashboard & email reports

#### 4.6

 * Bug fixing – Use local flags instead of using third party website

#### 4.5

 * Bug fixing – Remote get issue

#### 4.4

 * Bug fixing – PHP notice message

#### 4.3

 * Bug fixing in login attempts counter

#### 4.2

 * Bug fixing in email alerts

#### 4.1

 * Bug fixing in email alerts

#### 4.1

 * Adding statistics page & new statistics widgets
 * Adding a new feature: Block by IP and Range IP
 * Bug fixing and enhancements

#### 2.8

 * bug fixing in settings

#### 2.7

 * Compatibility with SMPT plugins

#### 2.6

 * bug fixing in attempts count
 * bug fixing in email alerts

#### 2.5

 * Bug fixing in a timezone
 * Bug fixing in the lockout timer

#### 2.4

 * Bug fixing in recording attempts

#### 2.3

 * Bug fixing in the email alerts

#### 2.2

 * improvements in reports
 * improvements in dashboard widgets

#### 2.1

 * hot fixes in the wp-buy cp page

#### 1.9

 * hot fixes
 * improvements

#### 1.8

 * Add one starting page for all of our plugins
 * Add links to dismiss the new start page links

#### 1.7

 * Adding new feature (IP blocking)
 * Adding new feature (search by IP, country, username)
 * Adding new feature (show username and password in the log reports)

#### 1.6

 * Bug fixing – PHP Notice -> Undefined index

#### 1.5

 * Adding username and user role to the log
 * Adding search by username, IP, role, country

#### 1.4

 * Email template improvements

#### 1.3

 * Display GEO location in detail for any blocked IP address

#### 1.2

 * Bug fixing in the user permissions
 * adding “Vote” message

#### 1.1

 * CSS enhancements

#### 1.0

 * First beta release

## Meta

 *  Version **5.6**
 *  Last updated **1 year ago**
 *  Active installations **200+**
 *  WordPress version ** 4.6 or higher **
 *  Tested up to **6.8.5**
 *  PHP version ** 7.2 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/wp-limit-failed-login-attempts/)
 * Tags
 * [anti-spam](https://test.wordpress.org/plugins/tags/anti-spam/)[firewall](https://test.wordpress.org/plugins/tags/firewall/)
   [Login Attempts](https://test.wordpress.org/plugins/tags/login-attempts/)[protection](https://test.wordpress.org/plugins/tags/protection/)
   [security](https://test.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://test.wordpress.org/plugins/wp-limit-failed-login-attempts/advanced/)

## Ratings

 3.9 out of 5 stars.

 *  [  5 5-star reviews     ](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/?filter=2)
 *  [  2 1-star reviews     ](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/reviews/)

## Contributors

 *   [ wp-buy ](https://profiles.wordpress.org/wp-buy/)
 *   [ mohmmed alagha ](https://profiles.wordpress.org/mohmmedalagha/)
 *   [ osama.esh ](https://profiles.wordpress.org/osamaesh/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/wp-limit-failed-login-attempts/)