As of April 2026, Limit Login Attempts (Spam Protection) is a WordPress firewall plugin with 200 active installations and a 3.9/5 rating from 7 reviews. It has been downloaded 13K+ times in total. Requires WordPress 4.6+ and PHP 7.2+. Available on WordPress.org since 2020. Top alternative: Wordfence Security – Firewall, Malware….
3.9/57 reviews
200active installs
13K+total downloads
6 yearssince 2020
Overview
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Basic Features
- Limit the number of retry attempts when logging in.
- Configurable lockout timings.
- Email notification of blocked attempts (Detailed email containing all necessary information).
- Notify the user of remaining attempts.
- Report containing all blocked attempts.
- Whitelist/Blocklist of IPs (Support IP ranges).
- Allow/Bl…
Screenshots
Ratings & Reviews
3.97 reviews
5 ★
5
4 ★
0
3 ★
0
2 ★
0
1 ★
2
Compatibility
| WordPress | 4.6+ requiredTested up to 6.8.5 |
| PHP | 7.2+ required |
Top Alternatives to Limit Login Attempts (Spam Protection)
Frequently Asked Questions
Changelog
5.6
Security Bug fixing – part 2
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.