Limit Login Attempts
Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.
4.6(202 reviews)
·300K+ active installs·Updated 3 years agoAs of April 2026, Limit Login Attempts is a WordPress login plugin with 300K+ active installations and a 4.6/5 rating from 202 reviews. It has been downloaded 2.3M+ times in total. Requires WordPress 2.8+ and PHP false+. Available on WordPress.org since 2009. Last updated 3 years ago — may have compatibility concerns. Downloads are down 13% this week. Top alternative: WPS Hide Login.
4.6/5202 reviews
300K+active installs
2.3M+total downloads
17 yearssince 2009
Overview
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Features
- Limit the number of retry attempts when logging in (for each IP). Fully customizable
- Limit the number of attempts to log in using auth cookies in same way
- Informs user about remaining retries or lockout time on login page
- Optional logging, optional email notification
- Handles server behind reverse proxy
- It is possibl…
Screenshots
Ratings & Reviews
4.6202 reviews
5 ★
170
4 ★
13
3 ★
3
2 ★
4
1 ★
12
Recent Reviews
Indispensable Plugin! Vital to the health of my site!
by wiitguru·1 year ago
Thanks, Automattic!!!! This plugin has thwarted over 100 hacking attempts on my website in the last few months! I won’t operate without this plugin!!!
Love this plugin
by Guido·2 years ago
I absolutely hate bloated plugins, so I love this one. It’s simple and works as expected. Guess it’s wise to use a plugin such as this one, against brute force attacks.
Guido
Exactly what is should be
by doreenhawdon·2 years ago
Does what it says on the tin. Like another similar plugin before it became bloatware. The only feature I would request is the ability to send notifications to another email address, I like to keep my admin email clean.
Interesante
by inakijm·5 years ago
Se lo pone más dicícil a los hackers que quieren acceder a tu blog ya que les limita el número de accesos.
Not maintained but still works
by wroot·5 years ago
Would be good to get new versions and fix possible security issues (if any), but it seems to still work.
Download Trends
Today: 116Yesterday: 135This week: 921Period total: 66K
Compatibility
| WordPress | 2.8+ requiredTested up to 6.2.9 |
| PHP | false+ required |
Version Adoption
v1.7
100.0%
v1.6
0.0%
Top Alternatives to Limit Login Attempts
Frequently Asked Questions
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.