Limit Attempts by BestWebSoft


Limit Attempts plugin is a security solution for WordPress which protects your website from spam and brute-force attacks. Limit the number of failed login attempts per user and block user IP for a certain period of time based on your settings. This will stop automated scripts to generate a large number of different combinations and hack your website.

Manage deny and allow lists, receive email notifications, hide website forms for blocked or added to the deny list IPs, and other advanced features which guarantee safety of your data.

Secure your website today!

View Demo

Free Features

  • Automatically block IP addresses that exceed limit login attempts
  • Automatically add IP addresses that exceed blocks limit to the deny list
  • Manually add IP addresses to:
    • Deny list
    • Allow list
  • Compatible with Contact Form:
    • Set the time interval for letters sending
    • Set the number of emails sent per indicated time interval
  • Hide login, register, lost password forms for blocked or added to the deny list IPs
  • Add denylisted IP address to the htaccess file with Htaccess to reduce your website database workload
  • Consider incorrect captcha as a failed login attempt with Captcha
  • Manage your statistics list with:
    • IP address
    • Number of failed attempts
    • Number of blockings
    • Status
  • Customize error messages for:
    • Invalid attempt
    • Blocked user
    • Denylisted user
  • Send customizable notifications about blocked and deny listed users to:
    • User email
    • Custom email
  • Compatible with latest WordPress version
  • Incredibly simple settings for fast setup without modifying code
  • Detailed step-by-step documentation and videos
  • Multilingual and RTL ready

Pro Features

All features from Free version included plus:

  • Add IP address ranges or IP masks to deny and allow list
  • Add certain country’s IP addresses to the deny and allow lists – GeoIP database
  • Add email address or email domain to the deny and allow lists
  • Manage total number of failed attempts with blocked list additional option
  • Manage deny and allow lists with extended options:
    • Country
    • Range from
    • Range to
    • Reason
  • Compatible with Captcha Pro and Captcha Plus:
    • Consider the incorrect captcha input as an invalid attempt for the forms compatible with Captcha
  • Compatible with reCaptcha:
    • Consider failed reCaptcha validation as an invalid attempt for the forms compatible with reCaptcha plugin
  • Set the option for non-existent username log in:
    • According to time and login attempts set for Block- and deny list
    • Block IP immediately
    • Add IP to Deny list immediately
  • Manage your log tab with:
    • IP address
    • Username
    • Password
    • Internet Hostname
    • Event
    • Form
    • Event time
  • Summary diagram with login attempts statistic and prevented hacking attempts in the settings page and in a dashboard widget
  • Configure all subsites on the network
  • Get answer to your support question within one business day (Support Policy)

Upgrade to Pro Now

If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! Suggest a Feature

Documentation & Videos

Help & Support

Visit our Help Center if you have any questions, our friendly Support Team is happy to help –


Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send the text of PO and MO files to BestWebSoft and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO files Poedit.

Recommended Plugins

  • Updater – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.
  • Captcha – #1 super security anti-spam captcha plugin for WordPress forms.
  • Htaccess – Protect WordPress website – allow and deny access for certain IP addresses, hostnames, etc.


  • Message with allowed retries.
  • Error message when a user has been blocked.
  • Error message when a user has been added to deny list.
  • Plugin settings in WordPress admin panel.
  • Additional settings which allow to customize error messages in the form.
  • Plugin additional settings which allow to customize email messages.
  • Tab with Blocked IP addresses.
  • Tab with Blocked Email addresses.
  • Deny list with IP addresses.
  • Deny list with email addresses.
  • Allow list settings tab.
  • Tab with Statistics.


  1. Upload the limit-attempts folder to the /wp-content/plugins/ directory.
  2. Activate the plugin using the ‚Plugins‘ menu in your WordPress admin panel.
  3. You can adjust the necessary settings using your WordPress admin panel in „Limit Attempts“.
  4. Set your own options or use defaults, create, if you need, allow or/and deny list.

View a Step-by-step Instruction on Limit Attempts Installation

Časté otázky

What can the options on the „Settings“ tab be used for?

The „Settings“ tab includes all the basic plugin settings that allow blocking addresses, displaying notifications and interacting with other BestWebSoft plugins.
„Lock options:“. This block includes settings for automatic blocking of the user’s IP address for a certain period ( „Block address for ‚x‘ days ‚y‘ hours ‚z‘ minutes“ ), after a certain number of failed login attempts ( „after ‚x‘ failed attempts“ ) within a specified time frame ( „per ‚x‘ days ‚y‘ hours ‚z‘ minutes“ ).
„Block options:“. Here you can find settings for automatic adding of the user’s IP address to the deny list after a certain number of blocks ( „Add to the deny list after ‚x‘ blocks“ ) within a specified period of time ( „per ‚x‘ days ‚y‘ hours ‚z‘ minutes“ ).
„Show additional options for block message.“ This block includes fields for customizing messages displayed in the login form. To display certain variables, you can use their names, which can be found to the left of the field itself.
„Send mail with notify to administrator“. This option enables sending messages to the administrator concerning users recently blocked or added to the deny list. Also, you can specify the email address these notifications will be sent from.
„Show additional options for email message“. Here you can find fields for customizing email messages concerning the blocking of a user. Similar to „Show additional options for block message“ block, you can use the names to display certain variables, which are located to the left of the field itself.
„Htaccess plugin“. This block enables the interaction with Htaccess plugin. All deny list and blocking data is copied to the .htaccess file, which reduces your website’s workload and improves site security.
„Captcha“. This option enables the interaction with Captcha plugin. Also, this is where you can specify whether incorrect captcha input should be considered a failed login attempt.

Where can I find the list of the blocked users?

All blocked users are listed on the „Blocked addresses“ tab. Also, this is where the time a block will be removed is displayed. However, there is also an option to remove the block manually.

How do I add users to the deny or allow list?

Both „Deny list“ and „allow list“ tabs have separate fields for address input. Also, there is an option to add a range of addresses or subnets with the help of various masks.

There is a lot of entries in my allow and deny lists, mostly masks, how can I find out whether a certain IP address is on one of these lists?

To do so, you need to enter the necessary IP address in the search field. When done, all entries related to the sought-for address will be displayed in the chart.

Where can I find failed login attempts statistics?

The statistics of IP addresses of users who failed to enter login data correctly at least once is displayed on the „Log“ tab. Also, this tab is a place to search for the number of failed login attempts and blocks, as well as the current status of this IP address.

How can I unblock a user manually?

To unblock a certain user, go to the „Blocked addresses“ tab on the plugin’s page and search for the necessary address in the „IP adress“ column. This done, a „Reset block“ option will appear when you move the cursor to the user’s address. Click on this caption and the IP address will be unblocked. To unblock a group of users, you can use „Bulk Actions“: mark the addresses that have to be unblocked, choose the „Reset block“ action and click „Apply.“

What will happen if I add a user to both the allow and deny lists?

In case it happened so that a user is on both the deny and allow list, the deny list will have a higher priority.

I accidentally added my address to the deny list, how can I fix that?

There are several ways to fix this issue:

  1. Log in to your account from another computer with a different ip address and remove your ip address from the deny list.
  2. Log in to your account through Proxy Avoidance program or website and remove your ip address from the deny list.
  3. If you have access to the database, find the datasheet with the ip addresses on the deny list (it ends with „lmtttmpts_blacklist“) and remove your ip address from this datasheet. However, this method should only be used at the very outside, as, chances are, the plugin will not function properly as a result.

I do not receive email notifications about blocked ip addresses, what shall I do?

First off, make sure you have selected the option to send email notifications to the administrator on the plugins settings page. Also, make sure your email is entered correctly.
If you have checked all of the above-mentioned and everything seems to be correct, it is possible that the mail out was blocked or delayed significantly by your hosting. Also, it is likely that your emails are automatically moved to the spam box, so you might want to check it.

I’ve noticed a short delay with automatic blocking of a user. Did I do something wrong?

This may happen when you enable sending email notifications. No need to worry, your site’s and your plugin’s performance will not be affected whatsoever.

I saw the message „With such … options` settings the user`s IP will never get into the deny list…“ when saving plugin settings. What does it means?

This means that you put wrong values in „Block address“ and „Add to the deny list“ options. You have to change them so that they correspond to the formula:

{"Add to the deny list per" option} < {"Block address for" option} * {"Add to the deny list after" option}

I have some problems with the plugin’s work. What Information should I provide to receive proper support?

Please make sure that the problem hasn’t been discussed yet on our forum ( If no, please provide the following data along with your problem’s description:

  1. the link to the page where the problem occurs
  2. the name of the plugin and its version. If you are using a pro version – your order number.
  3. the version of your WordPress installation
  4. copy and paste into the message your system status report. Please read more here: Instruction on System Status


23. novembra 2017
He fulfills his task. I am happy with it. Thanks 🙂 Limit Attempts by BestWebSoft
11. mája 2017
I've been using this plugin for a couple of years and been very happy with the results. I have Securi installed and it was constantly emailing me about failed login attempts until I installed this.
16. marca 2017
Install this plug-in now, pokoke apiklah


27. novembra 2016
Pracuje perfektně
Prečítať všetkých 37 recenzií

Prispievatelia a vývojári

“Limit Attempts by BestWebSoft” je softvér s otvoreným zdrojovým kódom. Do tohto pluginu prispeli nasledujúci ľudia.


„Limit Attempts by BestWebSoft“ bol preložený do 2 jazykov. Ďakujeme prekladateľom za ich príspevky.

Preložiť „Limit Attempts by BestWebSoft“ do vašho jazyka.

Máte záujem o vývoj?

Prehľadávajte zdrojový kód, preskúmajte SVN repozitár, alebo sa prihláste na odber vývojárskeho logu cez RSS.

Zoznam zmien

V1.2.8 – 24.11.2020

  • Bugfix : Database queries have been optimized.
  • Update : BWS Panel section was updated.
  • Update : Blacklist and whitelist replaced with deny list and allow list.

V1.2.7 – 15.07.2020

  • NEW : Ability to block emails sent from certain email address via Contact Form by BestWebSoft was added.
  • Bugfix : Fixed small bags.
  • Update : BWS panel section was updated.

V1.2.6 – 04.09.2019

  • Update : The deactivation feedback has been changed. Misleading buttons have been removed.

V1.2.5 – 04.06.2019

  • PRO : Ability to add the email address to the Whitelist has been added.
  • Bugfix : Fixed small bags.
  • Update : BWS menu has been updated.

V1.2.4 – 04.03.2019

  • PRO : Ability to save the „Username“ and „Password“ which were used in the failed login attempts.

V1.2.3 – 15.01.2019

  • Update : All functionality was updated for WordPress 5.0.2.
  • Bugfix : Fixed small bags.

V1.2.2 – 19.10.2017

  • Update : The Compatibility with Captcha Pro by BestWebSoft has been improved.

V1.2.1 – 01.03.2017

  • Bugfix : The bug with saving settings on the multisite was fixed.
  • Bugfix : The bug with saving IP to whitelist or blacklist was fixed.
  • PRO : The bug with updating lists was fixed.
  • PRO : The bug with adding IP to Htaccess by BestWebSoft plugin has been fixed.

V1.2.0 – 13.10.2017

  • Update : All functionality for wordpress 4.8.2 has been updated.
  • PRO : Compatibility with the Google Captcha (reCAPTCHA) by BestWebSoft has been added.

V1.1.9 – 19.06.2017

  • Update : All functionality for wordpress 4.8 was updated.
  • Pro : Statistic displaying has been updated.

V1.1.8 – 17.03.2017

  • NEW: An ability to add IP address to the Whitelist from the Blocked List.
  • Update : The plugin settings page has been updated.

V1.1.7 – 06.10.2016

  • Update : Block and blacklist functionality improved.
  • Pro : An ability to edit the reason of adding to black- or whitelist has been added.
  • Pro : Compatibility with the Captcha Pro by BestWebSoft plugin has been updated. WooCommerce plugin support has been added.

V1.1.6 – 08.08.2016

  • Update : All functionality for WordPress 4.6 was updated.

V1.1.5 – 27.06.2016

  • Update : The Polish language file has been updated.
  • Update : BWS Panel section is updated.

V1.1.4 – 08.04.2016

  • Update : The Polish language file has been updated.
  • Bugfix : The bug with the displaying of the HTML tags in error messages has been fixed.
  • Bugfix : The bug with the automatic unblocking of users has been fixed.
  • Bugfix : The bug with the automatic blacklisting of users has been fixed.
  • Bugfix : The bug with the creating of plugin’s database tables has been fixed.

V1.1.3 – 26.01.2016

  • NEW : Ability to hide the login form, the registration form and the lost password form for blocked or blacklisted IPs.
  • Bugfix : Bug with displaying of list of blocked IPs has been fixed.
  • Bugfix : Bugs with the recording/removing of statistical data in the database have been fixed.
  • Bugfix : Bugs with the pagination on plugin`s settings pages have been fixed.
  • Update : Compatibility with the Htaccess by BestWebSoft plugin has been updated.
  • Update : Functionality for the login form, the registration form and the lost password form has been updated.
  • Update : Functionality for wordpress 4.4.1 has been updated.

V1.1.2 – 21.10.2015

  • Bugfix : We fixed the bug with adding IP to the blacklist.
  • Update : BWS plugins section is updated.

V1.1.1 – 09.10.2015

  • NEW : Ability to add your IP in to the whitelist.
  • Update : We updated the list with IP addresses displaying in the black- and whitelist.
  • Bugfix : We fixed SQL injection vulnerability in the function of obtaining IP-address of the user.
  • Update : We updated all functionality for wordpress 4.3.1.

V1.1.0 – 21.07.2015

  • NEW : Ability to restore default settings.

V1.0.9 – 12.06.2015

  • Bugfix: We changed the mechanism of unlocking IP addresses on the timer.

V1.0.8 – 14.05.2015

  • NEW : The Polish language file is added.
  • Bugfix: Undefined user blocking after plugin activation is fixed.
  • Bugfix: Access priority when IP is included to the black- and whitelist at the same time (blacklist has higher priority).
  • NEW: Ability to search by part IP.
  • NEW: Additional notifications on the plugin pages.

V1.0.7 – 30.01.2015

  • Update : Compatibility with new Htaccess was added.
  • Update : The work of IP unblocking function was improved.

V1.0.6 – 30.12.2014

  • Update : Settings tab on plugin settings page was updated (interactivity was improved).
  • Update : The name of the ‚Log‘ tab on the plugin settings page was changed to ‚Statistics‘.
  • Bugfix : Performance issue on ‚Statistics‘ page was fixed.

V1.0.5 – 11.09.2014

  • Update : We updated all functionality for wordpress 4.0.
  • Bugfix : Added missing closing tags .

V1.0.4 – 08.08.2014

  • Bugfix : Security Exploit was fixed.

V1.0.3 – 04.08.2014

  • Update : We updated all functionality for wordpress 4.0-beta2.
  • Bugfix : Bug with Number of failed attempts is fixed.

V1.0.2 – 19.06.2014

  • Bugfix : Added support for working with multisite.
  • NEW : Added the ability to customize error messages in login form.
  • NEW : Added the ability to customize customize email messages.
  • NEW : Java scripts was added.

V1.0.1 – 27.05.2014

  • Bugfix : Deleting unused sql query.
  • NEW : Added messages in admin page.

V1.0.0 – 05.05.2014

  • Bugfix : The code refactoring was performed.
  • NEW : Css-style was added.
  • NEW : Added messages in login form.