Limit Login Attempts Reloaded – WordPress Security Plugin

WordPress by default allows unlimited login attempts. This allows passwords to be cracked via brute-force relatively easily. Using the Limit Login Attempts Reloaded plugin, you can set the number of times a user can attempt to log in before blocking them from making further login attempts.

Though WordPress is a secure platform, this doesn’t make your site immune to break-ins. By installing Limit Login Attempts Reloaded plugin, you can protect your websites login form from being brute forced.

You can download the Limit Login Attempts Reloaded plugin from WordPress repository.


  • Limit the number of retry attempts when logging in. You can configure the limit settings per each IP address.
  • Informs the user about the remaining retries or lockout time on the login page.
  • Optional logging and optional email notification.
  • It is possible to whitelist/blacklist IPs and Usernames.
  • WooCommerce login page protection.
  • Sucuri Website Firewall compatibility.
  • XMLRPC gateway protection.
  • Multi-site compatibility with extra MU settings.
  • Custom IP origins support (Cloudflare, Sucuri, etc.)
  • GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).
  • Supports multiple languages.


  • Brute force attacks are a common attack vector for hackers, and WordPress sites are often easy targets.
  • To prevent hackers and bots from brute-forcing your login form, you can install and configure Limit Login Attempts Reloaded plugin.

Leave a Comment