Plugin Directory

Limit Login Attempts

Author: Johan Eenfeldt

Limit the number of login attempts possible both through normal login as well as (WordPress 2.7+) using auth cookies.

By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.

Features

  • Limit the number of retry attempts when logging in (for each IP). Fully customizable
  • (WordPress 2.7+) Limit the number of attempts to log in using auth cookies in same way
  • Informs user about remaining retries or lockout time on login page
  • Optional logging, optional email notification
  • Handles server behind reverse proxy

Translations: Bulgarian, Catalan, Czech, German, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish

Plugin uses standard actions and filters only.

Download

FYI

Compatibility beta

Your Setup

Log in to vote.

The Consensus (3 reporting)

100%
100,1,1 100,1,1
100,3,3 100,2,2
100,1,1 100,1,1

Average Rating

5 stars
4 stars
3 stars
2 stars
1 star
(15 ratings)

See what others are saying...

  1. [Plugin: Limit Login Attempts] Russian Translation for 2.8.2
  2. [Plugin: Limit Login Attempts] WPMU compatible?
  3. [Plugin: Limit Login Attempts] 2.0beta2
  4. Limit Login Attempts doesn't work in 2.8
  5. [Plugin: Limit Login Attempts] Russian Translation for 2.8.2
  6. [Plugin: Limit Login Attempts] 2.0beta1
  7. [Plugin: Limit Login Attempts] Please comment if you have any questions
  8. [Plugin: Limit Login Attempts] Login Attempt Counter not reset after successful login