How to set Limits on Failed Login Attempts in WordPress

The default functionality of WordPress allows unlimited login attempts to the users, which is a big threat for bloggers using WordPress. Hackers or bots made for hacking actually break the password by attempting again and again to login. Therefore, placing limit over the failed login attempts is actually a nice decision which keeps your blog safe from the hacking bots.

How to Stop Failed Login Attempts?

Limit Login Attempts, a WordPress plugin that does not only puts the limit upon the login attempts but also brings it to your knowledge by sending an email to the admin with the IP address from which the attempt was made. Not only this but it also lists the IP address within the login information page under its own setting page.

  1. Download and Install the plugin
  2. Go to Settings > Limit Login Attempts
  3. Setup the plugin according to your desire or you can actually go to the help section of the plugin if you remain unable to understand anything.


Try to keep the retries to minimum in order to avoid the hacker breaking through else I will suggest to increase the default 20 minutes to at least an hour for the lockout minutes. Make sure to check the box in front of email to admin and set it to the same number as of the allowed retries. This will actually notify you the same moment as someone makes the failed login attempts.

If you see some IP which constantly fails to login, I will suggest to block that IP or put it in the blacklist. If you have any further queries feel free to place them in comments or write to me via contact for.

Leave a Reply