WordPress.org

Ready to get started?Download WordPress

Plugin Reviews

Limit Login Attempts

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

1891012

115 reviews
Average Rating
4 stars
4.8 out of 5 stars
4 stars
Saved my butt!
By , for WP 3.5.1

After hearing about a recent brute-force hack attempt targeting WordPress sites, I went to find a plugin to lock out usernames with x amount of failed logins.

This was the 3rd one I tried and by far the best. Did exactly what I needed to, perfectly.

Within the hour of installing it, I started seeing attempts at random IP's trying to login to four of my sites, but getting locked out.

Thanks!

5 stars
Easy and Effective for Brute Force Attacks
By , for WP 3.5.1

The plugin is easy to install and can be used out of the box without reconfiguring the default settings. I've found this is one of the easiest ways to prevent a brute force attack and is a great alternative to other security plugins that alter the wp core. I use this plugin on all my sites.

5 stars
Thanks
By ,

Very useful

5 stars
Very good plugin
By , for WP 3.5.1

good

5 stars
great!
By , for WP 3.5.1

and after having collected bad ips for a longer time, i will now install http://wordpress.org/extend/plugins/wp-ban/ to ban them

5 stars
Perfect
By , for WP 3.5.1

Just install and activate, the default settings are reasonable.

5 stars
Should be in WP core
By , for WP 3.5.1

For a long time, this plugin has been proven to prevent WP sites from hack attempts logging in with easy to guess user names and passwords.

The recent massive brute force attacks againts WP should be a sign to consider merging this plugin into WP core
http://codex.wordpress.org/Brute_Force_Attacks

5 stars
Simple and effective
By , for WP 3.5.1

Simple to get running and highly effective. A great security tool for any WordPress site!

5 stars
Keep it simple
By , for WP 3.5.1

Does one thing, good.

5 stars
Awesome!
By , for WP 3.5.1

Thank you! Works effortlessly.

I installed this after my ISP sent out a message to all the hosting clients that there were repeated Brute Force attempts on all WordPress installations.

I feel a better knowing this is installed.

You must log in to submit a review. You can also log in or register using the form near the top of this page.