Secure My WP Site – Limit Login

Protect your WordPress site from brute force attacks by limiting the number of login attempts allowed per IP address.

Prerequisites

Before using the plugin:

  1. Secure My WP Site – Login plugin must be installed and activated

Core Features

  • Configurable login attempt limits
  • Customizable lockout duration
  • IP-based tracking
  • Automatic lockout enforcement
  • Clear error messaging
  • Simple management interface
  • Brute force prevention

Quick Start

  1. Upload the plugin files to /wp-content/plugins/secure-my-wp-site-limit
  2. Make sure Secure My WP Site – Login plugin is installed and activated
  3. Activate the plugin through WordPress admin
  4. Use the Limit Login settings page to configure attempt limits and lockout duration
  5. Protection begins immediately after activation

Configuration Options – Login Attempts

  • Maximum Attempts: Set number of allowed attempts (default: 5)
  • Lockout Duration: Set lockout time in minutes (default: 30)
  • IP Tracking: Automatic tracking per IP address
  • Reset: Attempts reset after lockout period

Security Features – Lockout System

  • Automatic attempt tracking
  • IP-based restrictions
  • Temporary lockouts
  • Clear error messages

Admin Features – Settings Management

  • Configure attempt limits
  • Set lockout durations
  • Monitor login attempts
  • Manage security settings

Integration Support

  • Works with Secure My WP Site – Login plugin
  • Compatible with all login forms
  • Works with custom login pages
  • Integrates with error handling

Troubleshooting Common Issues

  1. Plugin Not Activating
    • Verify Secure My WP Site – Login is installed and active
    • Check PHP version requirement
    • Ensure WordPress version is compatible
  2. Lockout Issues
    • Verify IP detection is working
    • Check lockout duration settings
    • Confirm attempt counting
  3. Error Messages
    • Check message display settings
    • Verify WordPress notices
    • Test with default theme

Security Best Practices

  1. Set reasonable attempt limits (3-5 recommended)
  2. Use appropriate lockout duration (15-30 minutes)
  3. Monitor failed login attempts
  4. Keep plugin updated
  5. Use with other security measures

Technical Details

  • Uses WordPress transients for tracking
  • IP addresses are sanitized and validated
  • Secure storage of attempt counts
  • Automatic cleanup of expired data

Requirements

  • WordPress 5.0 or higher
  • PHP 7.4 or higher
  • Modern web browser with JavaScript enabled
  • Secure My WP Site – Login plugin installed and activated

Important Notes

  • Affects all login attempts
  • IP-based restrictions apply globally
  • Clear error messages guide users
  • Automatic attempt reset after lockout

License

GPLv2 or later

Scroll to top