Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms

April 30, 2024

Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms Plugin

Protect WordPress website against brute force attacks. Limit rate of login attempts.

Limit Attempts plugin is a security solution for WordPress which protects your website from spam and brute-force attacks. Limit the number of failed login attempts per user and block user IP for a certain period of time based on your settings. This will stop automated scripts to generate a large number of different combinations and hack your website.

Manage deny and allow lists, receive email notifications, hide website forms for blocked or added to the deny list IPs, and other advanced features which guarantee safety of your data.

Secure your website today!

View Demo

Free Features

Automatically block IP addresses that exceed limit login attempts
Automatically add IP addresses that exceed blocks limit to the deny list
Manually add IP addresses to:
- Deny list
- Allow list
Compatible with Contact Form:
- Set the time interval for letters sending
- Set the number of emails sent per indicated time interval
Hide login, register, lost password forms for blocked or added to the deny list IPs
Add denylisted IP address to the htaccess file with Htaccess to reduce your website database workload
Consider incorrect captcha as a failed login attempt with Captcha
Manage your statistics list with:
- IP address
- Number of failed attempts
- Number of blockings
- Status
Customize error messages for:
- Invalid attempt
- Blocked user
- Denylisted user
Send customizable notifications about blocked and deny listed users to:
- User email
- Custom email
Compatible with latest WordPress version
Incredibly simple settings for fast setup without modifying code
Detailed step-by-step documentation and videos
Multilingual and RTL ready

Pro Features
All features from Free version included plus:
Add IP address ranges or IP masks to deny and allow list
Add certain country’s IP addresses to the deny and allow lists – GeoIP database
Add email address or email domain to the deny and allow lists
Manage total number of failed attempts with blocked list additional option
Manage deny and allow lists with extended options:
Country
Range from
Range to
Reason
Compatible with Captcha Pro and Captcha Plus:
Consider the incorrect captcha input as an invalid attempt for the forms compatible with Captcha
Compatible with reCaptcha:
Consider failed reCaptcha validation as an invalid attempt for the forms compatible with reCaptcha plugin
Set the option for non-existent username log in:
According to time and login attempts set for Block- and deny list
Block IP immediately
Add IP to Deny list immediately
Manage your log tab with:
IP address
Username
Password
Internet Hostname
Event
Form
Event time
Summary diagram with login attempts statistic and prevented hacking attempts in the settings page and in a dashboard widget
Configure all subsites on the network
You can use Limit Attempts Captcha for default forms
Get answer to your support question within one business day (Support Policy)
Upgrade to Pro Now

If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! Suggest a Feature

Documentation & Videos

Help & Support

Visit our Help Center if you have any questions, our friendly Support Team is happy to help – https://support.bestwebsoft.com/

Translation

Polish (pl_PL) (thanks to Damian Dąbrowski)
Russian (ru_RU)
Ukrainian (uk)

Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send the text of PO and MO files to BestWebSoft and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO files Poedit.

Recommended Plugins

Updater – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.
Captcha – #1 super security anti-spam captcha plugin for WordPress forms.
Htaccess – Protect WordPress website – allow and deny access for certain IP addresses, hostnames, etc.

Installation

Upload the limit-attempts folder to the /wp-content/plugins/ directory.
Activate the plugin using the ‘Plugins’ menu in your WordPress admin panel.
You can adjust the necessary settings using your WordPress admin panel in “Limit Attempts”.
Set your own options or use defaults, create, if you need, allow or/and deny list.

View a Step-by-step Instruction on Limit Attempts Installation

Screenshots

Message with allowed retries.
Error message when a user has been blocked.
Error message when a user has been added to deny list.
Plugin settings in WordPress admin panel.
Additional settings which allow to customize error messages in the form.
Plugin additional settings which allow to customize email messages.
Tab with Blocked IP addresses.
Tab with Blocked Email addresses.
Deny list with IP addresses.
Deny list with email addresses.
Add new Ip.
Allow list settings tab.
Tab with Statistics.

FAQ

What can the options on the “Settings” tab be used for?

The “Settings” tab includes all the basic plugin settings that allow blocking addresses, displaying notifications and interacting with other BestWebSoft plugins.
“Lock options:”. This block includes settings for automatic blocking of the user’s IP address for a certain period ( “Block address for ‘x’ days ‘y’ hours ‘z’ minutes” ), after a certain number of failed login attempts ( “after ‘x’ failed attempts” ) within a specified time frame ( “per ‘x’ days ‘y’ hours ‘z’ minutes” ).
“Block options:”. Here you can find settings for automatic adding of the user’s IP address to the deny list after a certain number of blocks ( “Add to the deny list after ‘x’ blocks” ) within a specified period of time ( “per ‘x’ days ‘y’ hours ‘z’ minutes” ).
“Show additional options for block message.” This block includes fields for customizing messages displayed in the login form. To display certain variables, you can use their names, which can be found to the left of the field itself.
“Send mail with notify to administrator”. This option enables sending messages to the administrator concerning users recently blocked or added to the deny list. Also, you can specify the email address these notifications will be sent from.
“Show additional options for email message”. Here you can find fields for customizing email messages concerning the blocking of a user. Similar to “Show additional options for block message” block, you can use the names to display certain variables, which are located to the left of the field itself.
“Htaccess plugin”. This block enables the interaction with Htaccess plugin. All deny list and blocking data is copied to the .htaccess file, which reduces your website’s workload and improves site security.
“Captcha”. This option enables the interaction with Captcha plugin. Also, this is where you can specify whether incorrect captcha input should be considered a failed login attempt.

Where can I find the list of the blocked users?

All blocked users are listed on the “Blocked addresses” tab. Also, this is where the time a block will be removed is displayed. However, there is also an option to remove the block manually.

How do I add users to the deny or allow list?

Both “Deny list” and “allow list” tabs have separate fields for address input. Also, there is an option to add a range of addresses or subnets with the help of various masks.

There is a lot of entries in my allow and deny lists, mostly masks, how can I find out whether a certain IP address is on one of these lists?

To do so, you need to enter the necessary IP address in the search field. When done, all entries related to the sought-for address will be displayed in the chart.

Where can I find failed login attempts statistics?

The statistics of IP addresses of users who failed to enter login data correctly at least once is displayed on the “Log” tab. Also, this tab is a place to search for the number of failed login attempts and blocks, as well as the current status of this IP address.

How can I unblock a user manually?

To unblock a certain user, go to the “Blocked addresses” tab on the plugin’s page and search for the necessary address in the “IP adress” column. This done, a “Reset block” option will appear when you move the cursor to the user’s address. Click on this caption and the IP address will be unblocked. To unblock a group of users, you can use “Bulk Actions”: mark the addresses that have to be unblocked, choose the “Reset block” action and click “Apply.”

What will happen if I add a user to both the allow and deny lists?

In case it happened so that a user is on both the deny and allow list, the deny list will have a higher priority.

I accidentally added my address to the deny list, how can I fix that?

There are several ways to fix this issue:

Log in to your account from another computer with a different ip address and remove your ip address from the deny list.
Log in to your account through Proxy Avoidance program or website and remove your ip address from the deny list.
If you have access to the database, find the datasheet with the ip addresses on the deny list (it ends with “lmtttmpts_blacklist”) and remove your ip address from this datasheet. However, this method should only be used at the very outside, as, chances are, the plugin will not function properly as a result.

I do not receive email notifications about blocked ip addresses, what shall I do?

First off, make sure you have selected the option to send email notifications to the administrator on the plugins settings page. Also, make sure your email is entered correctly.
If you have checked all of the above-mentioned and everything seems to be correct, it is possible that the mail out was blocked or delayed significantly by your hosting. Also, it is likely that your emails are automatically moved to the spam box, so you might want to check it.

I’ve noticed a short delay with automatic blocking of a user. Did I do something wrong?

This may happen when you enable sending email notifications. No need to worry, your site’s and your plugin’s performance will not be affected whatsoever.

I saw the message “With such … options` settings the user`s IP will never get into the deny list…” when saving plugin settings. What does it means?

This means that you put wrong values in “Block address” and “Add to the deny list” options. You have to change them so that they correspond to the formula:

{"Add to the deny list per" option} < {"Block address for" option} * {"Add to the deny list after" option}

I have some problems with the plugin’s work. What Information should I provide to receive proper support?

Please make sure that the problem hasn’t been discussed yet on our forum (https://support.bestwebsoft.com). If no, please provide the following data along with your problem’s description:

the link to the page where the problem occurs
the name of the plugin and its version. If you are using a pro version – your order number.
the version of your WordPress installation
copy and paste into the message your system status report. Please read more here: Instruction on System Status

Changelog

V1.3.1 – 30.04.2024

Update : Security fixes.
Update : BWS panel section was updated.
Update : All functionality was updated for WordPress 6.5.

V1.3.0 – 08.03.2024

Update : All functionality was updated for WordPress 6.4.
Update : BWS panel section was updated.
Pro: Limit Attempts Captcha for default forms was added.
Bugfix : Database queries have been optimized.

V1.2.9 – 19.05.2021

Pro : Email priority Deny and Allow lists issue has been fixed.
Bugfix : The issue with displaying pagination on tables has been fixed.
Update : Adding items to Deny and Allow lists has been moved to a separate page.
Update : The plugin settings page has been updated.
Update : BWS panel section was updated.
Update : All functionality was updated for WordPress 5.7.2.

V1.2.8 – 24.11.2020

Bugfix : Database queries have been optimized.
Update : BWS Panel section was updated.
Update : Blacklist and whitelist replaced with deny list and allow list.

V1.2.7 – 15.07.2020

NEW : Ability to block emails sent from certain email address via Contact Form by BestWebSoft was added.
Bugfix : Fixed small bags.
Update : BWS panel section was updated.

V1.2.6 – 04.09.2019

Update : The deactivation feedback has been changed. Misleading buttons have been removed.

V1.2.5 – 04.06.2019

PRO : Ability to add the email address to the Whitelist has been added.
Bugfix : Fixed small bags.
Update : BWS menu has been updated.

V1.2.4 – 04.03.2019

PRO : Ability to save the “Username” and “Password” which were used in the failed login attempts.

V1.2.3 – 15.01.2019

Update : All functionality was updated for WordPress 5.0.2.
Bugfix : Fixed small bags.

V1.2.2 – 19.10.2017

Update : The Compatibility with Captcha Pro by BestWebSoft has been improved.

V1.2.1 – 01.03.2017

Bugfix : The bug with saving settings on the multisite was fixed.
Bugfix : The bug with saving IP to whitelist or blacklist was fixed.
PRO : The bug with updating lists was fixed.
PRO : The bug with adding IP to Htaccess by BestWebSoft plugin has been fixed.

V1.2.0 – 13.10.2017

Update : All functionality for wordpress 4.8.2 has been updated.
PRO : Compatibility with the Google Captcha (reCAPTCHA) by BestWebSoft has been added.

V1.1.9 – 19.06.2017

Update : All functionality for wordpress 4.8 was updated.
Pro : Statistic displaying has been updated.

V1.1.8 – 17.03.2017

NEW: An ability to add IP address to the Whitelist from the Blocked List.
Update : The plugin settings page has been updated.

V1.1.7 – 06.10.2016

Update : Block and blacklist functionality improved.
Pro : An ability to edit the reason of adding to black- or whitelist has been added.
Pro : Compatibility with the Captcha Pro by BestWebSoft plugin has been updated. WooCommerce plugin support has been added.

V1.1.6 – 08.08.2016

Update : All functionality for WordPress 4.6 was updated.

V1.1.5 – 27.06.2016

Update : The Polish language file has been updated.
Update : BWS Panel section is updated.

V1.1.4 – 08.04.2016

Update : The Polish language file has been updated.
Bugfix : The bug with the displaying of the HTML tags in error messages has been fixed.
Bugfix : The bug with the automatic unblocking of users has been fixed.
Bugfix : The bug with the automatic blacklisting of users has been fixed.
Bugfix : The bug with the creating of plugin’s database tables has been fixed.

V1.1.3 – 26.01.2016

NEW : Ability to hide the login form, the registration form and the lost password form for blocked or blacklisted IPs.
Bugfix : Bug with displaying of list of blocked IPs has been fixed.
Bugfix : Bugs with the recording/removing of statistical data in the database have been fixed.
Bugfix : Bugs with the pagination on plugin`s settings pages have been fixed.
Update : Compatibility with the Htaccess by BestWebSoft plugin has been updated.
Update : Functionality for the login form, the registration form and the lost password form has been updated.
Update : Functionality for wordpress 4.4.1 has been updated.

V1.1.2 – 21.10.2015

Bugfix : We fixed the bug with adding IP to the blacklist.
Update : BWS plugins section is updated.

V1.1.1 – 09.10.2015

NEW : Ability to add your IP in to the whitelist.
Update : We updated the list with IP addresses displaying in the black- and whitelist.
Bugfix : We fixed SQL injection vulnerability in the function of obtaining IP-address of the user.
Update : We updated all functionality for wordpress 4.3.1.

V1.1.0 – 21.07.2015

NEW : Ability to restore default settings.

V1.0.9 – 12.06.2015

Bugfix: We changed the mechanism of unlocking IP addresses on the timer.

V1.0.8 – 14.05.2015

NEW : The Polish language file is added.
Bugfix: Undefined user blocking after plugin activation is fixed.
Bugfix: Access priority when IP is included to the black- and whitelist at the same time (blacklist has higher priority).
NEW: Ability to search by part IP.
NEW: Additional notifications on the plugin pages.

V1.0.7 – 30.01.2015

Update : Compatibility with new Htaccess was added.
Update : The work of IP unblocking function was improved.

V1.0.6 – 30.12.2014

Update : Settings tab on plugin settings page was updated (interactivity was improved).
Update : The name of the ‘Log’ tab on the plugin settings page was changed to ‘Statistics’.
Bugfix : Performance issue on ‘Statistics’ page was fixed.

V1.0.5 – 11.09.2014

Update : We updated all functionality for wordpress 4.0.
Bugfix : Added missing closing tags .

V1.0.4 – 08.08.2014

Bugfix : Security Exploit was fixed.

V1.0.3 – 04.08.2014

Update : We updated all functionality for wordpress 4.0-beta2.
Bugfix : Bug with Number of failed attempts is fixed.

V1.0.2 – 19.06.2014

Bugfix : Added support for working with multisite.
NEW : Added the ability to customize error messages in login form.
NEW : Added the ability to customize customize email messages.
NEW : Java scripts was added.

V1.0.1 – 27.05.2014

Bugfix : Deleting unused sql query.
NEW : Added messages in admin page.

V1.0.0 – 05.05.2014

Bugfix : The code refactoring was performed.
NEW : Css-style was added.
NEW : Added messages in login form.