
Limit Login Attempts – Block Brute Force Attacks in WordPress
Protect your WordPress website from brute force attacks and bots by limiting failed login attempts and blocking suspicious IPs automatically.
active installs Version 1.3.1
Last updated 10 months ago
Requires WP 5.6

This plugin is awesome. It has all the features that I exactly needed. Thanks to you.
Upgrade to Limit Attempts Pro...
Description
Limit Attempts is a lightweight yet powerful WordPress security plugin that protects your website from brute force attacks and unauthorized login attempts. Automatically block suspicious IPs, manage deny and allow lists, and keep your login and form entries secure.
Why Choose Our WordPress Limit Login Attempts Plugin?
- Brute Force Protection: Prevent hackers from guessing user passwords by limiting the number of failed login attempts per IP.
- Custom IP Control: Add IPs or IP ranges to deny or allow lists manually or automatically after multiple failed attempts.
- Login Form Security: Block access to login, registration, and password reset forms for blocked IPs or denylisted users.
- Detailed Logging: Monitor login activity by tracking IP addresses, usernames, event times, and more in your dashboard.
- Captcha Integration: Combine with Captcha or reCaptcha plugins to detect bots and consider incorrect inputs as failed login attempts.
- GeoIP Blocking: Block login attempts from specific countries or regions with the Pro version.
- Notification System: Get email alerts about blocked or denylisted IPs to stay informed about threats in real time.
- SEO Friendly: Protect your site without slowing it down or interfering with SEO plugins, themes, or indexing.
How to Limit Login Attempts in WordPress
- Install the Plugin: Go to Plugins → Add New in your WordPress dashboard, search for “Limit Attempts by BestWebSoft,” then click Install & Activate.
- Set Login Attempt Limits: Choose how many failed logins to allow and how long to block an IP after reaching the limit.
- Manage IP Lists: Manually or automatically add IPs to deny or allow lists. View blocked users and manage them with ease.
- Enable Captcha Validation: Boost security by enabling Captcha or reCaptcha protection for login forms.
- Monitor & Respond: Track login stats, failed attempts, and blocked access directly from your dashboard or via email notifications.
That’s it! With Limit Attempts, your WordPress website is protected from brute force login attacks, spam bots, and suspicious IP activity — all with simple setup and advanced control features.
Documentation & Videos
User Guide
Installation
Brief Overview
Instruction on Installation
We are constantly update the existing translations and add new to the list.
Limit Attempts Free vs Pro – Secure Your WordPress Site from Brute-Force Attacks
Compare the features of the free and premium versions of the Limit Attempts plugin by BestWebSoft. Protect your WordPress login, forms, and website from brute-force attacks by limiting failed attempts, blocking suspicious IPs, and customizing your security settings.
Main Features – Free vs Pro
Feature | Free Version | Pro Version |
---|---|---|
Block IPs After Failed Login Attempts | ✔️ | ✔️ |
Denylist and Allowlist Management | Manual IPs | ✔️ IPs, Ranges, Countries, Emails |
GeoIP Blocking (by Country) | — | ✔️ |
Captcha & reCaptcha Compatibility | ✔️ Basic | ✔️ Pro & Advanced Forms |
Block by Incorrect Captcha | ✔️ | ✔️ with Captcha Pro |
Email & Domain Denylist | — | ✔️ |
Custom Error Messages | ✔️ | ✔️ |
Block Non-existent Usernames | — | ✔️ |
Statistics Dashboard Widget | — | ✔️ |
Log Tab with Detailed Events | ✔️ Basic | ✔️ Full (IP, Hostname, Form, Time) |
Multisite Network Support | — | ✔️ |
Email Notifications (Blocked, Denylisted) | ✔️ | ✔️ Custom Emails Supported |
Support | Community | ✔️ 1 business day response |
Protect Your WordPress Site From Day One
With the Limit Attempts plugin by BestWebSoft, you get powerful login protection with just a few clicks. Stop brute-force attacks, secure forms, monitor suspicious activity, and block users or bots before they cause harm.
Upgrade to the Pro version to unlock advanced deny and allow list features, GeoIP and email blocking, full event logging, and multisite support – ideal for growing businesses, agencies, or security-conscious site owners.
Pro Features
- IP Ranges and Masks: Add IP address ranges or masks to deny and allow lists for more flexible access control.
- GeoIP Filtering: Block or allow IP addresses based on countries using the built-in GeoIP database.
- Email-Based Blocking: Add specific email addresses or entire email domains to deny or allow lists.
- Advanced Login Attempt Management: Set a total number of failed login attempts before blocking or denylisting an IP address.
- Detailed Deny/Allow List Configuration: Manage IPs by country, IP range, and add custom reasons for better list tracking.
- Captcha Pro Compatibility: Treat incorrect captcha input on compatible forms as a failed login attempt.
- reCaptcha Integration: Treat failed reCaptcha validation as an invalid login attempt on supported forms.
- Fake Username Protection: Choose how to handle login attempts using non-existent usernames — block or denylist instantly or based on custom thresholds.
- Advanced Log Management: View login attempt data including IP, username, password, hostname, event, form used, and timestamp.
- Login Statistics Dashboard: Track login activity and blocked attempts with charts and summary diagrams on the settings page or dashboard widget.
- Multisite Ready: Configure plugin settings across all subsites in a WordPress Multisite network.
- Premium Support: Receive expert help within one business day (Support Policy).

Simple settings for fast setup without modifying code.

We honor all refund requests within 30 days after your purchase. If you are not happy then it’s our fault.

The support team that is passionate about their job is here to stay and solve all the questions you have!
Over 3,000,000 Happy Users
BestWebSoft is always the perfect solution for you. Just check out what other people are saying about us!

He fulfills his task. I am happy with it. Thanks
Limit Attempts by BestWebSoft

This plugin countered more than 8000 attacks on my site. Keep up the good work!
Great Thanks.

After one of my sites got hacked a few years ago, I installed this plug-in on all my WordPress accounts to try to prevent it from happening again. For the first few months I got almost daily attack reports but now it’s down to just a handful each year (I can’t imagine how many IPs must be on my block list by now). Thank you!
FAQ
Yes, you can set a limit for failed login attempts. Once the limit is reached, the user’s IP address can be blocked or added to the deny list automatically.
Yes, the plugin lets you add individual IPs, IP ranges, or even country-based IPs to allow or deny lists using flexible filtering options.
Yes, the plugin is compatible with BestWebSoft’s Captcha and reCaptcha plugins. Failed captcha input can be treated as a login attempt.
Yes, you can choose to immediately block or denylist IPs attempting to log in with invalid usernames, adding an extra layer of protection.
Yes, the plugin logs IPs, usernames, events, and more. You can also view a summary chart of login activity and blocked attempts on the dashboard.
Yes, Limit Attempts supports WordPress Multisite and allows you to configure protection across all subsites from the network admin panel.
Absolutely. The plugin is designed to detect and block repeated login failures, fake usernames, and bot attacks in real-time to prevent brute-force login attempts.
Free features remain active, but you will lose access to IP range control, GeoIP blocking, Captcha/reCaptcha integration, detailed logging, and one-business-day support.
Still have questions?
Submit a request