WordPress.org

Plugin Reviews

Limit Login Attempts

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

8 reviews
Average Rating
4.7 out of 5 stars
You are currently viewing the reviews that provided a rating of 4 stars. Click here to see all reviews.
Will be really depressed if compatibility ceases.
By , for WP 4.1.1

I see that this plugin hasn't been updated in over 2 years, and that's fine, because it still works perfectly.

There are way too many plugins that try to do too much, what this one does, it does well, with purpose and simplicity and for that, I love it.

I really hope that upgrades and modifications to WordPress, which are inevitable, don't push this plugin into an incompatible state.

In earnest, stuff like this should be integrated into the WordPress core.

Nice
By , for WP 3.8.1

Nice mice all right

Language supports
By ,

Please support another languages.

Simple y efectivo a la hora de limitar los ataques por login
By , for WP 3.6.1

Muy intuitivo, fácil de configurar y efectivo a la hora de limitar los ataques al sitio. Informa por email cuando se bloquea un IP. Permite configurar todos los límites de intento y los plazos de tiempo en que se
bloquean los IP.

Great security plugin
By , for WP 3.6.1

Worth adding to your WordPress site.

Does a pretty good job but could be better
By , for WP 3.6

A US government warning published in April, 2013 states that "WordPress Sites Targeted by Mass Brute-force Botnet Attack" (Cf. http://1.usa.gov/176KLH4).

I have watched these botnet attacks hammer my own blogs for months and I am glad I found the LIMIT LOGIN ATTEMPTS plugin. It seems to help tremendously.

I would, however, like to see a "whitelist" option so that I can separate known, trusted "good" IP addresses from the rest. Once in a blue moon my own cookies get messed up and I cannot login to a blog. If I forget the password, this plugin blocks me.

To get around that I have to remove the plugin (as a server admin) and then login to the blog and then reinstall the plugin. I would just prefer to have a whitelist capability.

I do like the way I can extend jail time for bad IP addresses. Being able to change the parameters helps to block further attempts from new addresses that get out of jail before I can block them in my firewall or .htaccess files.

Another nice feature to have would be an EXPORT function. The botnets can be so aggressive that you compile thousands of IP addresses in a short time under a sustained brute force attack. Trying to capture all that data with standard COPY-AND-PASTE is tedious. I need to analyze the IP addresses in a spreadsheet so I can find patterns.

Saved my butt!
By , for WP 3.5.1

After hearing about a recent brute-force hack attempt targeting WordPress sites, I went to find a plugin to lock out usernames with x amount of failed logins.

This was the 3rd one I tried and by far the best. Did exactly what I needed to, perfectly.

Within the hour of installing it, I started seeing attempts at random IP's trying to login to four of my sites, but getting locked out.

Thanks!

Multi site needs admin control
By , for WP 3.4.1

Seems good, thanks for providing it.

But in a mutlisite, each non-site admin can change the login settings. There should be an option on the main site admin to be able to prevent this.

But this is a minor point.

The addin should be incorporated into the core WordPress. Users will pick weak passwords and be sloppy with them.

Anthony

You must log in to submit a review. You can also log in or register using the form near the top of this page.