WordPress.org

Plugin Reviews

Limit Login Attempts

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

111121318

176 reviews
Average Rating
4.7 out of 5 stars
A plugin that everybody should install
By , for WP 3.7.1

This is a plugin that everybody should use. In fact we would like that the functionality would be integrated in WordPress.

Great security plugin
By , for WP 3.6.1

Worth adding to your WordPress site.

A must have plugin
By , for WP 3.6.1

Really awesome plugin. I almost stops 100 of hackers to hack my site everyday.

Limited Attempts Problem Solved
By , for WP 3.6.1

Limit Login Attempts is a great solution. Great step towards keeping your password secure!

My two sites have blockes over 13,000 each
By ,

I am still running 3.1. I installed this two months ago on two low traffic personal sites. Since then each site has blocked over 13, 000 or more attempts to login to the admin account.

I am glad to see that the plugin appears to work with 3.6.1. I need to upgrade my two sites.

Note that my stats prove what an ongoing attack on WordPress sites is underway, trying to exploit logging in as admin. Bots run 24x7 scanning for sites and trying to login.

All Good!
By , for WP 3.6.1

Working great for me. Already stopped one hacker. Love that I get notified of attempts.

Worked as told
By ,

Did exactly what it said !

An awesome "must-have" plugin
By , for WP 3.6.1

An absolute essential tool. Does exactly what it promises and no interference with other plugins.

No problems found so far, thanks a lot for this plugin!

Does a pretty good job but could be better
By , for WP 3.6

A US government warning published in April, 2013 states that "WordPress Sites Targeted by Mass Brute-force Botnet Attack" (Cf. http://1.usa.gov/176KLH4).

I have watched these botnet attacks hammer my own blogs for months and I am glad I found the LIMIT LOGIN ATTEMPTS plugin. It seems to help tremendously.

I would, however, like to see a "whitelist" option so that I can separate known, trusted "good" IP addresses from the rest. Once in a blue moon my own cookies get messed up and I cannot login to a blog. If I forget the password, this plugin blocks me.

To get around that I have to remove the plugin (as a server admin) and then login to the blog and then reinstall the plugin. I would just prefer to have a whitelist capability.

I do like the way I can extend jail time for bad IP addresses. Being able to change the parameters helps to block further attempts from new addresses that get out of jail before I can block them in my firewall or .htaccess files.

Another nice feature to have would be an EXPORT function. The botnets can be so aggressive that you compile thousands of IP addresses in a short time under a sustained brute force attack. Trying to capture all that data with standard COPY-AND-PASTE is tedious. I need to analyze the IP addresses in a spreadsheet so I can find patterns.

Works as Advertised
By , for WP 3.6

Works like a champ. No extra fancy stuff, just does the job. Period.

You must log in to submit a review. You can also log in or register using the form near the top of this page.