Limit Attempts by BestWebSoft

Description

Limit Attempts plugin is a security solution for WordPress which protects your website from spam and brute-force attacks. Limit the number of failed login attempts per user and block user IP for a certain period of time based on your settings. This will stop automated scripts to generate a large number of different combinations and hack your website.

Manage black- and whitelists, receive email notifications, hide website forms for blocked or blacklisted IPs, and other advanced features which guarantees safety of your data.

Secure your website today!

Free Features

  • Automatically block IP addresses that exceed limit login attempts
  • Automatically add IP addresses that exceed blocks limit to the blacklist
  • Manually add IP addresses to:
    • Blacklist
    • Whitelist
  • Hide login, register, lost password forms for blocked or blacklisted IPs
  • Add blacklisted IP address to the htaccess file with Htaccess to reduce your website database workload
  • Consider incorrect captcha as a failed login attempt with Captcha
  • Manage your statistics list with:
    • IP address
    • Number of failed attempts
    • Number of blocks
    • Status
  • Customize error messages for:
    • Invalid attempt
    • Blocked user
    • Blacklisted user
  • Send customizable notifications about blocked and blacklisted users to:
    • User email
    • Custom email
  • Compatible with latest WordPress version
  • Incredibly simple settings for fast setup without modifying code
  • Detailed step-by-step documentation and videos
  • Multilingual and RTL ready

Pro Features

All features from Free version included plus:

  • Add IP address ranges or IP masks to black- and whitelists
  • Add certain country’s IP addresses to the black- and whitelist – GeoIP database
  • Manage total number of failed attempts with blocked list additional option
  • Manage black- and whitelists with extended options:
    • Country
    • Range from
    • Range to
    • Reason
  • Compatible with Captcha Pro and Captcha Plus:
    • Consider the incorrect captcha input as an invalid attempt for the forms compatible with Captcha
  • Compatible with reCAPTCHA:
    • Consider failed reCAPTCHA validation as an invalid attempt for the forms compatible with reCAPTCHA plugin
  • Set the option for non-existent username log in:
    • According to time and login attempts set for Block- and Blacklist
    • Block IP immediately
    • Blacklist IP immediately
  • Manage your log tab with:
    • IP address
    • Internet Hostname
    • Event
    • Form
    • Event time
  • Summary diagram with login attempts statistic and prevented hacking attempts in the settings page and in a dashboard widget
  • Configure all subsites on the network
  • Get answer to your support question within one business day (Support Policy)

Upgrade to Pro Now

If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! Suggest a Feature

Documentation & Videos

Help & Support

Visit our Help Center if you have any questions, our friendly Support Team is happy to help – https://support.bestwebsoft.com/

Translation

Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send the text of PO and MO files to BestWebSoft and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO files Poedit.

Recommended Plugins

  • Updater – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.
  • Captcha – Protect WordPress website forms from spam entries by means of math logic.
  • Htaccess – Protect WordPress website – allow and deny access for certain IP addresses, hostnames, etc.

Screenshots

  • Message with allowed retries.
  • Error message when a user has been blocked.
  • Error message when a user has been blacklisted.
  • Plugin settings in WordPress admin panel.
  • Additional settings which allow to customize error messages in the form.
  • Plugin additional settings which allow to customize email messages.
  • Tab with Blocked addresses.
  • Blacklist settings tab.
  • Whitelist settings tab.
  • Tab with Statistics.

Installation

  1. Upload the limit-attempts folder to the /wp-content/plugins/ directory.
  2. Activate the plugin using the ‘Plugins’ menu in your WordPress admin panel.
  3. You can adjust the necessary settings using your WordPress admin panel in “Limit Attempts”.
  4. Set your own options or use defaults, create, if you need, whitelist or/and blacklist.

View a Step-by-step Instruction on Limit Attempts Installation

FAQ

Installation Instructions
  1. Upload the limit-attempts folder to the /wp-content/plugins/ directory.
  2. Activate the plugin using the ‘Plugins’ menu in your WordPress admin panel.
  3. You can adjust the necessary settings using your WordPress admin panel in “Limit Attempts”.
  4. Set your own options or use defaults, create, if you need, whitelist or/and blacklist.

View a Step-by-step Instruction on Limit Attempts Installation

What can the options on the “Settings” tab be used for?

The “Settings” tab includes all the basic plugin settings that allow blocking addresses, displaying notifications and interacting with other BestWebSoft plugins.
“Lock options:”. This block includes settings for automatic blocking of the user’s IP address for a certain period ( “Block address for ‘x’ days ‘y’ hours ‘z’ minutes” ), after a certain number of failed login attempts ( “after ‘x’ failed attempts” ) within a specified time frame ( “per ‘x’ days ‘y’ hours ‘z’ minutes” ).
“Block options:”. Here you can find settings for automatic adding of the user’s IP address to the blacklist after a certain number of blocks ( “Add to the blacklist after ‘x’ blocks” ) within a specified period of time ( “per ‘x’ days ‘y’ hours ‘z’ minutes” ).
“Show additional options for block message.” This block includes fields for customizing messages displayed in the login form. To display certain variables, you can use their names, which can be found to the left of the field itself.
“Send mail with notify to administrator”. This option enables sending messages to the administrator concerning users recently blocked or added to the blacklist. Also, you can specify the email address these notifications will be sent from.
“Show additional options for email message”. Here you can find fields for customizing email messages concerning the blocking of a user. Similar to “Show additional options for block message” block, you can use the names to display certain variables, which are located to the left of the field itself.
“Htaccess plugin”. This block enables the interaction with Htaccess plugin. All blacklist and blocking data is copied to the .htaccess file, which reduces your website’s workload and improves site security.
“Captcha”. This option enables the interaction with Captcha plugin. Also, this is where you can specify whether incorrect captcha input should be considered a failed login attempt.

Where can I find the list of the blocked users?

All blocked users are listed on the “Blocked addresses” tab. Also, this is where the time a block will be removed is displayed. However, there is also an option to remove the block manually.

How do I add users to the black- or whitelist?

Both “Blacklist” and “Whitelist” tabs have separate fields for address input. Also, there is an option to add a range of addresses or subnets with the help of various masks.

There is a lot of entries in my white- and blacklists, mostly masks, how can I find out whether a certain IP address is on one of these lists?

To do so, you need to enter the necessary IP address in the search field. When done, all entries related to the sought-for address will be displayed in the chart.

Where can I find failed login attempts statistics?

The statistics of IP addresses of users who failed to enter login data correctly at least once is displayed on the “Log” tab. Also, this tab is a place to search for the number of failed login attempts and blocks, as well as the current status of this IP address.

How can I unblock a user manually?

To unblock a certain user, go to the “Blocked addresses” tab on the plugin’s page and search for the necessary address in the “IP adress” column. This done, a “Reset block” option will appear when you move the cursor to the user’s address. Click on this caption and the IP address will be unblocked. To unblock a group of users, you can use “Bulk Actions”: mark the addresses that have to be unblocked, choose the “Reset block” action and click “Apply.”

What will happen if I add a user to both the white and black lists?

In case it happened so that a user is on both the black- and whitelist, the blacklist will have a higher priority.

I accidentally added my address to the blacklist, how can I fix that?

There are several ways to fix this issue:

  1. Log in to your account from another computer with a different ip address and remove your ip address from the blacklist.
  2. Log in to your account through Proxy Avoidance program or website and remove your ip address from the blacklist.
  3. If you have access to the database, find the datasheet with the ip addresses on the blacklist (it ends with “lmtttmpts_blacklist”) and remove your ip address from this datasheet. However, this method should only be used at the very outside, as, chances are, the plugin will not function properly as a result.
I do not receive email notifications about blocked ip addresses, what shall I do?

First off, make sure you have selected the option to send email notifications to the administrator on the plugins settings page. Also, make sure your email is entered correctly.
If you have checked all of the abovementioned and everything seems to be correct, it is possible that the mailout was blocked or delayed significantly by your hosting. Also, it is likely that your emails are automatically moved to the spam box, so you might want to check it.

I’ve noticed a short delay with automatic blocking of a user. Did I do something wrong?

This may happen when you enable sending email notifications. No need to worry, your site’s and your plugin’s performance will not be affected whatsoever.

I saw the message “With such … options` settings the user`s IP will never get into the blacklist…” when saving plugin settings. What does it means?

This means that you put wrong values in “Block address” and “Add to the blacklist” options. You have to change them so that they correspond to the formula:

{"Add to the blacklist per" option} < {"Block address for" option} * {"Add to the blacklist after" option}
I have some problems with the plugin’s work. What Information should I provide to receive proper support?

Please make sure that the problem hasn’t been discussed yet on our forum (https://support.bestwebsoft.com). If no, please provide the following data along with your problem’s description:

  1. the link to the page where the problem occurs
  2. the name of the plugin and its version. If you are using a pro version – your order number.
  3. the version of your WordPress installation
  4. copy and paste into the message your system status report. Please read more here: Instruction on System Status

Reviews

Stopped Login Attempts for My Site

I’ve been using this plugin for a couple of years and been very happy with the results. I have Securi installed and it was constantly emailing me about failed login attempts until I installed this.

Ikal

Install this plug-in now, pokoke apiklah

Great plugin with quick support!

I use the plugin since one year and it helps me great to keep my WP clean. Now, after one year I’ve a little problem but the suppport helped me out within 3 hours! Great!

Read all 35 reviews

Contributors & Developers

“Limit Attempts by BestWebSoft” is open source software. The following people have contributed to this plugin.

Contributors

“Limit Attempts by BestWebSoft” has been translated into 2 locales. Thank you to the translators for their contributions.

Translate “Limit Attempts by BestWebSoft” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

V1.2.0 – 13.10.2017

  • Update : All functionality for wordpress 4.8.2 has been updated.
  • PRO : Compatibility with the Google Captcha (reCAPTCHA) by BestWebSoft has been added.

V1.1.9 – 19.06.2017

  • Update : All functionality for wordpress 4.8 was updated.
  • Pro : Statistic displaying has been updated.

V1.1.8 – 17.03.2017

  • NEW: An ability to add IP address to the Whitelist from the Blocked List.
  • Update : The plugin settings page has been updated.

V1.1.7 – 06.10.2016

  • Update : Block and blacklist functionality improved.
  • Pro : An ability to edit the reason of adding to black- or whitelist has been added.
  • Pro : Compatibility with the Captcha Pro by BestWebSoft plugin has been updated. WooCommerce plugin support has been added.

V1.1.6 – 08.08.2016

  • Update : All functionality for WordPress 4.6 was updated.

V1.1.5 – 27.06.2016

  • Update : The Polish language file has been updated.
  • Update : BWS Panel section is updated.

V1.1.4 – 08.04.2016

  • Update : The Polish language file has been updated.
  • Bugfix : The bug with the displaying of the HTML tags in error messages has been fixed.
  • Bugfix : The bug with the automatic unblocking of users has been fixed.
  • Bugfix : The bug with the automatic blacklisting of users has been fixed.
  • Bugfix : The bug with the creating of plugin’s database tables has been fixed.

V1.1.3 – 26.01.2016

  • NEW : Ability to hide the login form, the registration form and the lostpassword form for blocked or blacklisted IPs.
  • Bugfix : Bug with displaying of list of blocked IPs has been fixed.
  • Bugfix : Bugs with the recording/removing of statistical data in the database have been fixed.
  • Bugfix : Bugs with the pagination on plugin`s settings pages have been fixed.
  • Update : Compatibility with the Htaccess by BestWebSoft plugin has been updated.
  • Update : Functionality for the login form, the registration form and the lostpassword form has been updated.
  • Update : Functionality for wordpress 4.4.1 has been updated.

V1.1.2 – 21.10.2015

  • Bugfix : We fixed the bug with adding IP to the blacklist.
  • Update : BWS plugins section is updated.

V1.1.1 – 09.10.2015

  • NEW : Ability to add your IP in to the whitelist.
  • Update : We updated the list with IP addresses displaying in the black- and whitelist.
  • Bugfix : We fixed SQL injection vulnerability in the function of obtaining IP-address of the user.
  • Update : We updated all functionality for wordpress 4.3.1.

V1.1.0 – 21.07.2015

  • NEW : Ability to restore default settings.

V1.0.9 – 12.06.2015

  • Bugfix: We changed the mechanism of unlocking IP addresses on the timer.

V1.0.8 – 14.05.2015

  • NEW : The Polish language file is added.
  • Bugfix: Undefined user blocking after plugin activation is fixed.
  • Bugfix: Access priority when IP is included to the black- and whitelist at the same time (blacklist has higher priority).
  • NEW: Ability to search by part IP.
  • NEW: Additional notifications on the plugin pages.

V1.0.7 – 30.01.2015

  • Update : Compatibility with new Htaccess was added.
  • Update : The work of IP unblocking function was improved.

V1.0.6 – 30.12.2014

  • Update : Settings tab on plugin settings page was updated (interactivity was improved).
  • Update : The name of the ‘Log’ tab on the plugin settings page was changed to ‘Statistics’.
  • Bugfix : Performance issue on ‘Statistics’ page was fixed.

V1.0.5 – 11.09.2014

  • Update : We updated all functionality for wordpress 4.0.
  • Bugfix : Added missing closing tags .

V1.0.4 – 08.08.2014

  • Budfix : Security Exploit was fixed.

V1.0.3 – 04.08.2014

  • Update : We updated all functionality for wordpress 4.0-beta2.
  • Budfix : Bug with Number of failed attempts is fixed.

V1.0.2 – 19.06.2014

  • Bugfix : Added support for working with multisite.
  • NEW : Added the ability to customize error messages in login form.
  • NEW : Added the ability to customize customize email messages.
  • NEW : Java scripts was added.

V1.0.1 – 27.05.2014

  • Bugfix : Deleting unused sql query.
  • NEW : Added messages in admin page.

V1.0.0 – 05.05.2014

  • Bugfix : The code refactoring was performed.
  • NEW : Css-style was added.
  • NEW : Added messages in login form.