WordPress websites are vulnerable to brute force attacks where hackers use automated scripts and long lists of usernames and passwords to crack website login. 

By default, there are no restrictions on login attempts. So, hackers continuously try to crack your WordPress site. Such unsecured websites often fall victim to these attacks. 

LoginPress plugin's Limit Login Attempts Add-on is a simple fix to this problem. It limits the number of attempts users have to log into your website, so you can easily protect your website against brute force attacks.  

Note: We assume that you have already upgraded to LoginPress Pro. If not, you can check out our guide on How To Install And Activate LoginPress PRO Version?

This knowledgebase article will show you how to limit login attempts with LoginPress on a WordPress site using the LoginPress plugin's Limit Login Attempts Add-on.

Let's get started!

Limit Login Attempts Add-on in LoginPress

Step 1: Activate Limit Login Attempts Add-on

First, go to the left sidebar of the WordPress admin dashboard. Navigate to LoginPress and click Add-Ons. 

Next, you need to find the Limit Login Attempts Add-On and Toggle On the button to activate it.

Step 2. Go to Limit Login Attempts Add-on

First, go to LoginPress on the left sidebar of the WordPress admin dashboard menu and click on Settings. 

You can see the Limit Login Attempts tab next to the Settings tab.

Note: Don’t forget to click the Save Settings button to store changes made with the Limit Login Attempts Add-on.

Step 3. Get Started with Limit Login Attempts Add-on

Under the Limit Login Attempts tab, you can find the four following tabs.

• Settings
• Attempt Details
• Whitelist
• Blacklist

Tab 1: Settings

The main functionality of the LoginPress Limit Login Attempts Add-on resides inside the Settings tab. It lets you manage login attempts to your WordPress site in terms of allowed attempts and lockout time.

Note: Don’t forget to click the Save Settings button to store changes made with the Limit Login Attempts Add-on.

Once you click the Settings tab, you’ll find the following settings.

1. Attempts Allowed: 

The Attempts Allowed feature helps you set the numbers of login attempts a user is allowed before they are locked out. 

2. Minutes Lockout: 

In this field, you need to enter the number of minutes a user won’t be able to access the website login after they’ve exhausted this limit.

3. IP Address:

You can also lock an IP address if it tries to log in too many times. Enter the IP address in this field, and make that IP Address Whitelisted or Blacklisted based on the attempt details.

4. Disable XML RPC Request

You can toggle on the XML RPC button to get remote updates to WordPress from other applications.

5. Remove Record On Uninstall

When you toggle the Remove Record On Uninstall button, this feature will help you remove all LoginPress Limit Login Attempts records upon uninstall.

Once you are done with defining allowed login attempts and lockout time, you can see the history of all those who will be whitelisted listed in the future.

Tab 2: Attempt Details

The Attempts Details tab gives you a deep insight into your WordPress site's login attempts, including IP, Date & Time, Username, Password, and Gateway. 

Note: Based on their attempt details, you can either Whitelist or Blacklist that user.

Under the Attempt Details tab, you can find a beautiful layout with the attempts that failed to detail. Here you can find the details:

1. IP: 

The IP address of the user.

2. Date & Time: 

The date & time when he tries to log in to your site.

3. Username: 

Which username does he try to log in to your site?

4. Password: 

Which password does he try to log in to your site?

5. Gateway:

Which gateway does he use to log in on your site (WP Login, Woocommerce, Widget)?

6. Action:

 Here is the main feature of login attempts.

7. Unlock: 

You can unlock the IP address. After that user will be able to log in again without lockout restriction.

8. Whitelist: 

You can add the IP address to the whitelist. The user will no longer face the limitation restriction. 

9. Blacklist: 

After clicking on Blacklist Button, the IP address will be added to the blacklist. The user will no longer be able to see your WordPress site's login page and wp-admin. 

Tab 3: Whitelist

Under the Whitelist tab, you can find the whitelisted IP address with a beautiful layout. Here you can manage all the Whitelisted users.

1. Clear: 

Remove the Whitelisted IP for a particular IP address. After Removing the IP from the whitelist, there will be no login restriction for that IP address.

Tab 4: Blacklist

Under the Blacklist tab, you can find the blacklisted IP address with a beautiful layout. Here you can

1. Clear: 

Remove the Blacklisted IP for a particular IP. After Removing from the blacklist, that IP address will be able to see a login page and wp-admin.

That's it! We've demonstrated how to add the Limit Login Attempts with LoginPress Add-on. Try LoginPress Limit Login Attempts Add-on now to shield your WordPress site against brute force attacks.

Let us know how much this article helped you! 

If you have any doubts or questions related to this matter, please don't hesitate to contact our support team.