How To Limit WordPress Login Attempts


WordPress is one of the most popular content management systems used to create websites. It is used by millions of people worldwide, which makes it a prime target for hackers. One of the ways that hackers try to gain access to your website is by using brute force attacks to guess your login credentials. Brute force attacks work by trying different username and password combinations until they find the correct one. One way to prevent brute force attacks is to limit the number of login attempts. In this blog post, we will discuss how to limit login attempts on WordPress with and without a plugin.

Method 1: Using a Plugin

The easiest and most common way to limit login attempts on WordPress is to use a plugin. Here are the steps to follow:

Step 1: Install and activate a plugin like Limit Login Attempts Reloaded or Login Lockdown. You can do this by going to your WordPress dashboard and selecting “Plugins” > “Add New.”

Step 2: Once the plugin is activated, go to the plugin settings page and configure the number of login attempts, lockout time, and other settings as per your requirements. You can usually find the plugin settings under “Settings” > “Login Lockdown” or a similar name.

Step 3: Save the settings and you are done. The plugin will now limit the number of login attempts and lock out users who exceed the limit. This is the most recommended way to limit login attempts as it is easy and efficient.

Method 2: Without a Plugin

If you don’t want to use a plugin, you can limit login attempts by adding code to your WordPress functions.php file. Here are the steps to follow:

Step 1: Connect to your website using an FTP client or file manager.

Step 2: Go to the wp-content/themes/your-theme-folder/ directory and find the functions.php file.

Step 3: Add the following code to the end of the file:

function limit_login_attempts() {
    $retry_time = 5 * MINUTE_IN_SECONDS;
    if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
        $ip_address = $_SERVER['HTTP_CLIENT_IP'];
    } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
        $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip_address = $_SERVER['REMOTE_ADDR'];
    $login_count = get_transient( 'login_attempts_' . $ip_address );
    if ( $login_count >= 3 ) {
        $time_remaining = get_option( 'transient_timeout_login_attempts_' . $ip_address );
        $time_remaining = ceil( ( $time_remaining - time() ) / 60 );
        wp_die( 'You have exceeded the maximum number of login attempts. Please try again in ' . $time_remaining . ' minutes.' );
    if ( is_wp_error( $user ) ) {
        set_transient( 'login_attempts_' . $ip_address, $login_count, $retry_time );
        if ( $login_count >= 3 ) {
            set_transient( 'timeout_login_attempts_' . $ip_address, time() + $retry_time, $retry_time );
    } else {
        delete_transient( 'login_attempts_' . $ip_address );
        delete_transient( 'timeout_login_attempts_' . $ip_address );
add_action( 'wp_login_failed', 'limit_login_attempts' );

Step 4: Save the file and upload it to your server.

This code will limit the login attempts to 3 per IP address and lock out the user for 5 minutes if they exceed the limit. You can change the values as per your requirements.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

22 May 2023
6 Expert Tips for Designing a Memorable Logo for Your Brand
Designing a great logo is essential for any business or brand. A logo is the visual representation of...
19 May 2023
Easy Ways To Rank Higher On Google
Ranking higher on Google search results can make a significant difference in the success of your website...
17 May 2023
Secure Your Site: How To Change The WordPress Admin Dashboard URL
As a popular content management system, WordPress is a frequent target for hackers and cyber attacks....
15 May 2023
Shopify v. WooCommerce: Which One is Right For Your Business?
Shopify and WooCommerce are two of the most popular e-commerce platforms available today. Both platforms...
12 May 2023
Change The WordPress Login Logo With A Simple Plugin (Advanced)
To change the WordPress login logo, you can create a simple plugin that uses the login_enqueue_scripts...