Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides


  1. cheryleduryea says:

    Hmm it looks like your site ate my first comment (it was super long) so I guess I’ll just sum it up what I wrote and say, I’m thoroughly enjoying your blog. I as well am an aspiring blog writer but I’m still new to the whole thing. Do you have any points for beginner blog writers? I’d certainly appreciate it.

  2. agustinpenny920 says:

    Hi, of course this article is genuinely good and I have learned lot of things from it regarding blogging. thanks.

  3. adelaida5489 says:

    With havin so much content and articles do you ever run into any issues of plagorism or copyright violation? My blog has a lot of unique content I’ve either created myself or outsourced but it seems a lot of it is popping it up all over the web without my agreement. Do you know any methods to help prevent content from being stolen? I’d certainly appreciate it.

  4. Suji says:


    Thanks 4 d article. Informative.

    Is there any option to limit the login attempts without using any plugins?

  5. YNS says:


    With the a bundle of trusted plugins (which at the same time offer multiple other security feature), It’s no longer that hard to protect WordPress sites from attacks like login attempt.

    Those complaining about the feature not being in-built should realize the functionality extensions are meant to serve. The WordPress ecosystem is just scalable, I really like it. But need more partnership with powerful CDN provider. In countries like China, a good plugin like JetPack becomes useless because all the IPs it connects to are malicious to the Great Firewall.

    This Blog is very useful, especially when promoting successful open source WordPress projects.

  6. Brad says:

    One of my sites get’s nearly 100 login attempts per month. Like many of you, I find it odd since it’s not an ecommerce site and we gather no user information. I installed Wordfence Security plugin which offers lock out options for any incorrect username as well as by IP and even entire countries.

    It also has several other defenses which have proved to be invaluable. The web isn’t safe without some sort of protection. If you any of you know of a better one, please share.

    Safe Programming!

  7. Ed Dogan says:
  8. marian chapa says:

    hey.. i forgot my admin password for my website.. how can i get access to edit my site

  9. Steve says:

    No one has mentioned Jetpack, which has a module called Brute Protect. This blocks users from suspicious IP addresses automatically. It is based on a global network that can track spammers from all over the web.

  10. Pete says:

    Thank you for another the tip. I use BackupBuddy and I love that it automatically runs my backups but it also enables users to easily migrate sites to other servers. Especially going from a local host to a live server.

  11. Donna says:

    Its funny I get this email b/c I work up to 27 attempts at my site over night from all over the world.. I mean really what do they want I have a sewing and fashion blog? What they attempt to gain from this taking over my site and pay them?? I just changed my settings a few days ago prior to this article because I was getting quite a few hacks.. Now this am over 27 which is the most I have ever seen.

  12. Connor Rickett says:

    Is that a question that really needs an answer? Because it prevents brute force hacking (or at least slows it way down).

    Why WP doesn’t come with limited login attempts out of the box, now THAT’S a question that I’d like to see a blog post addressing.

  13. Iza says:

    I am using Limit Login Attempts in combination with another great safety plug-in called WP-Ban. The Limit Login Attempts plug-in sends me an e-mail after second I believe unsuccessful login attempt with the IP of the user. I paste this user into Ban plug-in and next time, the user will not be able to try log-in at all. Just another layer of security against trolls.

    • Nika says:

      Limit Login Attempts hasn’t been updated in over 3 years. It’s outdated. Login LockDown has poor functionality and why it’s recommended here I don’t know.
      A few weeks ago I’ve installed WP Cerber instead.
      It looks like a strong solution. It does all the things as expected.

      • WPBeginner Support says:

        We do not agree that Login Lockdown has poor functionality. It does exactly what it says. We haven’t tested WP Cerber yet so we cannot comment on that.

  14. Joris Heyndrickx says:

    I think it’s time WordPress should have configurable paths so that we finally can het rid of I saw requests for this, 8 years ago.

  15. Jon Schear says:

    I’ve used this a couple times. Brought the usual load of 50 emails an hour about lockout notifications down to 0.

    Recaptcha is another good one, but much more difficult to implement.

  16. Han Balk says:

    I switched from LLA to Wordfence, because of all the extra security features it’s got.

    Every Operating System has a feature to limit login attempts. I know WordPress is a CMS and not an OS, But it is a mature CMS and the WordPress community would greatly benefit of a buitlin login limitation that’s enabled by default. A lot of WordPress sites are “vulnerable” for unlimited login attempts, because they’re not properly protected and the owners are not security aware.

    It can’t be that difficult to built in a login limitation and enable it by default in one of the forthcoming WordPress versions?

  17. Howard says:

    Limit Login Attempts has not been updated in a couple of years, and has some “holes” in it. I discovered this in my logs, where I found nearly 100 “lockouts” in a 10-minute period from the same IP. The lockouts were activated after the 2nd unsuccessful attempts, and were supposed to be for 72 hours. They were coming so fast that it was an effective DoS, and required some effort to get it stopped. It’s fairly obvious that the script kiddie has bypassed the lockout. The attacks from that IP address stopped when I was finally able to add it to the deny list in .htaccess.
    I still use LLA for the limited but useful information and notifications, but I don’t rely on it to keep my site secure.

  18. FranE says:

    I notice this functionality on some of my sites, even though they don’t have the plugin installed. Is it included in certain themes? Maybe Genesis?

    • WPBeginner Staff says:

      We are not aware of any themes including this functionality. Remember themes are not supposed to add functionality to your WordPress site. Functionality comes under plugins. May be it is something added by your web host?

  19. Grayhambo says:

    There appear to be some compatibility issues with this plugin with WP 4.0, as it hasn’t been updated in over 2 years. Can lock you out of the admin panel. If this happens, then you need to disable the plugin in the usual way, using something like cPanel access.

  20. Torben Heikel Vinther says:

    Sounds like a good and simple plugin, but why not use Better WP Security instead? BWS has a whole section about Limit Login Attempts AND many other security issues in one single plugin! In addition BWS was last updated 2013-8-24. Limit Login Attempts hasn’t been updated since 2012-6-1!

    • Editorial Staff says:

      Torben, there are a lot of plugins that offers this functionality. Limit Login Attempts is a simple plugin that does one thing and does it real well. That’s not to say that BWS is a bad solution. It’s a very good solution (over 1 million downloads on the plugin already proves that).

      • Nika says:

        I’ve been using the Limit Login Attempts plugin for my sites for a while. Now this plugin is outdated. Be honest. Did you use Limit Login Attempts on your site?

        • WPBeginner Support says:

          Since it has expired we have updated the article and replaced it with login lockdown plugin.

  21. abdelhafidcom says:

    what about login lookdown plugin ? is it useful ? should i replace with this plugin ?

    • wpbeginner says:

      @abdelhafidcom That’s also good. It does the same thing. It just hasn’t been updated in a while.

  22. AlbertAlbs says:

    Thanks for sharing this WordPress security information.

  23. ColeRuddick says:

    Excellent tip! As WordPress is the most widely used platform out there now, site security should be something all users are taking seriously and this plugin is a great help. Thanks for sharing!

  24. namaserajesh says:

    Agree with you, Limit Login Attempts is very good plugin to protect our WordPress blog.

  25. joeytribbiani says:

    I prefer Login Lock. It is officially compatible up to version 3.3.1

  26. Alan says:

    Thanks for this!

  27. doug_eike says:

    I’ve been looking for ways to protect my blog, and your plugin suggestion looks as if it might be helpful. I’ll take a look at it. Thanks!

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.