WordPress Two Factor Authentication (CMAUTH) - How To - Limit Failed Login Attempts From the Same IP

How To - Limit Failed Login Attempts From the Same IP

Back to User Guide

Note: the feature covered in this guide was introduced in version 1.8.4.

Restrict Accounts

By number of devices | By number of IPs | By login attempts from IP

The WordPress Two Factor Authentication plugin allows you to limit the number of login attempts from the same IP in case if these attempts were failed. It adds an extra security level to your site and your users data.

You can define the specific login pages where to enable the restriction. For each URL you can set the allowed amount of login attempts until it will be paused for a certain period of time.

Settings

Head to Admin Dashboard → CM Secure Login Pro → IP tab.

Navigation to the IP settings tab - WordPress 2FA
Navigation to the IP settings tab

The options are:

Login attempts settings - WordPress Two Factor Authentication Plugin
Login attempts settings
  • Limit login attempts by IP - Enable this option to limit login attempts by IP.
  • Limit access to URLs - Here you can add multiple rules by clicking the button +. For each rule you need to fill the following:
    • URL - Add a URL of the page on your site that contains a login form.
    • Attempts Limit - Define the number of failed login attempts after which the user will be limited to login.
    • Per Seconds - Define how long the restriction will continue until allowing the user to login again from the same IP.

This way you can define restriction parameters for different login pages on your site.

Configuration example:

Configuration example - WP 2FA Plugin
Configuration example

Front-end Example:

Example after failing logins on the page https://site.com/wp-login.php. The user will be informed that he cannot login now and should try later.

Front-end example - WordPress Login SMS Verification
Front-end example

TIP

You can edit the message in the plugin Labels settings:

Navigation to the labels settings - 2 Factor Authentication for WordPress
Navigation to the labels settings

Find and edit the label login_error_ip_login_attempts under the IPs Restriction section. The placeholder %s allows to show the time until the restriction ends.

Changing the restriction message - WordPress Two Step Authentication
Changing the restriction message

Compatibility

Currently, the feature of limiting login attempts is compatible only with the standard WP login form and a login form provided by the plugin WordPress Registration Form Plugin.

Example of restriction with the login form by WordPress Registration Form Plugin:

Front-end example - WordPress Enable 2FA
Front-end example

More information about the WordPress Two Factor Authentication plugin

Other WordPress products can be found at CreativeMinds WordPress Store

Let us know how we can Improve this Product Documentation Page

To open a Support Ticket visit our support center
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.