---
title: "How to Limit Failed Login Attempts in WordPress?"
url: https://nexterwp.com/docs/limit-login-attempts-in-wordpress/
date: 2025-08-19
modified: 2026-03-31
author: "Aditya Sharma"
description: "Do you want to protect your WordPress site from brute force attacks by limiting failed login attempts? Hackers often try to guess passwords by repeatedly attempting to log in, and..."
image: https://nexterwp.com/wp-content/uploads/2025/08/How-to-Limit-Failed-Login-Attempts-in-WordPress-1024x538.jpg
word_count: 625
---

# How to Limit Failed Login Attempts in WordPress?

## Key Takeaways

- Nexter Extension (Free) allows users to limit failed login attempts and view logs.
- Nexter Extension (Pro) enables exclusion of specific IP addresses from being blocked after failed login attempts.
- Users can set a limit of 3 failed login attempts before an IP is blocked for 15 minutes using Nexter Extension (Free).
- Nexter Extension (Free) requires adding HTTP_X_FORWARDED_FOR in the Detect IP from Specific Header field when using a proxy.

Do you want to protect your WordPress site from brute force attacks by limiting failed login attempts? Hackers often try to guess passwords by repeatedly attempting to log in, and without restrictions, they can make unlimited attempts. By setting a limit on failed logins, you can block suspicious IP addresses after a set number of incorrect tries, greatly reducing the risk of unauthorized access.

With the [Nexter Extension (Free)](https://wordpress.org/plugins/nexter-extension/) and [Nexter Extension (Pro)](https://nexterwp.com/nexter-extension//), you can easily limit the number of failed login attempts on your WordPress site.

This is a freemium feature. If you are using the free Nexter Extension version, you can limit the number of failed login attempts, detect the visitor IP from a specific header, and view logs.

With the Nexter Extension pro version, you can exclude IPs from getting blocked. 

[LIVE EXTENSION LINK](https://nexterwp.com/nexter-extensions/limit-login-attempts-for-wordpress/)

## How to Limit Failed Login Attempts with the Nexter Extension Free?

https://www.youtube.com/watch?v=9Bk-5KGlmbk

To limit the failed login attempts with the Nexter Extension free plugin, from the WordPress Dashboard, go to **Nexter** > **Extensions** > **Security**.

Then go to the **Limit Login Attempts** section, enable the toggle and click on the gear icon (⚙).

![](https://nexterwp.com/wp-content/uploads/2025/08/enable-limit-login-attempts-new.png)

It will open the Limit Login Attempts pop-up.

In the first box, you can set the number of failed login attempts allowed before the system temporarily blocks the user’s IP address for 15 minutes.

For example, if you set this value to 3, it means that after 3 consecutive failed login attempts, the IP address will be blocked for 15 minutes. 

In the next box, you can set how many times that IP address can receive a 15-minute block before the penalty increases to a 30-minute block.

For example, if you set this value to 2, it means that once a specific IP has been blocked for 15 minutes twice in a row, the next failed login attempt will trigger a 30-minute block instead.
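To see what these two values buy you, the added example below (not the plugin's code) models the schedule described above and counts how many password guesses a single IP can submit in a given window. The function name and parameters are hypothetical, and the model assumes that attempts take no time, that attempts made during a block are rejected without being counted, and that the failure counter resets after each block.

```python
def guesses_allowed(window_min, max_attempts=3, short_blocks=2,
                    short_min=15, long_min=30):
    """Count the guesses one IP can submit within window_min minutes.

    Model of the schedule on this page, with assumptions (not plugin code):
    attempts are instantaneous, blocked attempts are not counted, and the
    failure counter resets after every block.
    """
    t = 0         # minutes since the first attempt
    guesses = 0   # attempts that reached the password check
    failures = 0  # failed attempts since the last block
    blocks = 0    # 15-minute blocks already served
    while t < window_min:
        guesses += 1
        failures += 1
        if blocks >= short_blocks:
            # Escalated: the next failed attempt triggers a 30-minute block.
            t += long_min
            failures = 0
        elif failures >= max_attempts:
            # Threshold reached: 15-minute block.
            blocks += 1
            failures = 0
            t += short_min
    return guesses


if __name__ == "__main__":
    # Settings from the examples above: 3 attempts, 2 short blocks.
    for minutes in (15, 60, 24 * 60):
        print(minutes, "min ->", guesses_allowed(minutes), "guesses")
```

With the example settings (3 and 2), this model caps one IP at 53 guesses in 24 hours.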

If your site is using a proxy or security service such as Cloudflare, Sucuri, or your hosting provider’s load balancer, then you have to add **HTTP_X_FORWARDED_FOR** in the **Detect IP from Specific Header** field.

Normally, your server can see a visitor’s real IP address directly. However, when traffic passes through a proxy or security service, your server will instead see the proxy’s IP address, not the actual visitor’s IP. The visitor’s real IP is stored in a special HTTP header sent by the proxy.

Adding HTTP_X_FORWARDED_FOR in the **Detect IP from Specific Header** field tells the plugin to read the real visitor IP from that specific header.

If you’re not behind a proxy, leave it blank.
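A lockout keyed on a forwarded header is only as reliable as the path that sets it: a client that connects to the server directly can send the header itself. The added example below (not the plugin's code; how the plugin parses the header is not shown on this page) resolves the address to key a lockout on, reading the header only when the connection comes from a known proxy. The function names and the `203.0.113.0/24` proxy range are constructed for illustration.

```python
import ipaddress

# Constructed proxy range (documentation addresses), not a real provider's list.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def client_ip(server, trusted=TRUSTED_PROXIES):
    """Return the address a login lockout should be keyed on.

    `server` is a CGI-style mapping with REMOTE_ADDR and, optionally,
    HTTP_X_FORWARDED_FOR (the same key names the setting above uses).
    """
    remote = ipaddress.ip_address(server["REMOTE_ADDR"])
    header = server.get("HTTP_X_FORWARDED_FOR", "")
    # No header, or the peer is not one of our proxies: the header is
    # client-supplied, so key the lockout on the connection address.
    if not header or not _is_trusted(remote, trusted):
        return str(remote)
    # Each proxy appends the address it saw, so walk right to left and
    # take the first hop that is not one of our own proxies.
    for part in reversed(header.split(",")):
        try:
            hop = ipaddress.ip_address(part.strip())
        except ValueError:
            break  # malformed entry: stop trusting the chain
        if not _is_trusted(hop, trusted):
            return str(hop)
    return str(remote)


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        {"REMOTE_ADDR": "203.0.113.10", "HTTP_X_FORWARDED_FOR": "198.51.100.7"},
        {"REMOTE_ADDR": "198.51.100.7", "HTTP_X_FORWARDED_FOR": "192.0.2.1"},
        {"REMOTE_ADDR": "203.0.113.10",
         "HTTP_X_FORWARDED_FOR": "10.0.0.1, 198.51.100.7"},
    ]
    for s in samples:
        print(s, "->", client_ip(s))
```

The same reasoning applies at the network level: if the site sits behind a proxy, restricting the origin server to accept web traffic only from that proxy keeps the header trustworthy.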

You can see the failed login details by clicking the **View Logs** button.

Once done, click on the **Save** button to save the changes.

![](https://nexterwp.com/wp-content/uploads/2025/08/limit-login-attempts-settings-free.png)

Now, as per your settings, users will be blocked for a certain period after a certain number of failed login attempts.

## How to Exclude IP Addresses from Being Blocked for Failed Login Attempts with the Nexter Extension Pro?

If you’re using the **Nexter Extension Pro** plugin, you can prevent specific IP addresses from being blocked, even if they exceed the allowed number of failed login attempts. 

This feature is especially useful to ensure you don’t accidentally block yourself or other trusted people working on the site.

To do that, open the Limit Login Attempts pop-up.

In the **Never Block IP Addresses** field, you have to add the IP address. To add multiple IP addresses, put each one on a new line.

The rest of the options are the same as those available with the Nexter Extension free plugin.

Once done, click on the **Save** button.

![](https://nexterwp.com/wp-content/uploads/2025/08/limit-login-attempts-settings-pro.png)

Now, any users connecting from the specified IP addresses will remain unblocked, no matter how many failed login attempts they make. This keeps your security tight while ensuring safe access for trusted users.