How to Limit Login Attempts in WordPress

By default, WordPress allows unlimited login attempts, which leaves your site vulnerable to brute-force attacks. Limiting login attempts blocks attackers after a set number of failed tries. dotCanada recommends this as a basic security measure for every WordPress site.

Using Limit Login Attempts Reloaded

The most widely used plugin for this is Limit Login Attempts Reloaded, with millions of active installations.

  1. Go to Plugins > Add New and search for Limit Login Attempts Reloaded.
  2. Click Install Now, then Activate.
  3. Navigate to Settings > Limit Login Attempts to configure the plugin.

Recommended Settings

  • Allowed retries: 3 — lock out after three failed attempts
  • Lockout period: 20 minutes for the first lockout
  • Longer lockout: 24 hours after four lockouts
  • Notify on lockout: enable email notifications to admin

You can also whitelist your own IP address to ensure you are never locked out of your own site. Check your current IP in the plugin settings and add it to the whitelist field.

Alternative: Wordfence

If you are already using Wordfence Security, it includes built-in brute-force protection and login attempt limiting, so you may not need a separate plugin.

For help configuring login protection on your dotCanada hosting account, contact our support team.

Previous

How to Set Up Two-Factor Authentication in WordPress

Next

How to Change the WordPress Login URL

Related Articles

What Is WordPress and Is It Right for Me?How to Install WordPress Using SoftaculousHow to Log Into the WordPress Admin DashboardWordPress Dashboard Overview for Beginners

100% Satisfaction Guarantee

We're so confident you'll love dotCanada that we offer a 30-day money-back guarantee. Not satisfied? Get a full refund, no questions asked.

Ready to Get Started?

Join thousands of Canadian website owners who trust dotCanada for reliable, fast web hosting.

Get Started Today