PHPackages lipemat/limit-logins - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. lipemat/limit-logins ActiveWordpress-plugin[Security](/categories/security) lipemat/limit-logins ==================== WordPress plugin to prevent brute force attacks 1.3.1(1mo ago)01.7kMITPHPPHP >=8.2CI passing Since Apr 20Pushed 1mo ago1 watchersCompare [ Source](https://github.com/lipemat/limit-logins)[ Packagist](https://packagist.org/packages/lipemat/limit-logins)[ GitHub Sponsors](https://github.com/lipemat)[ RSS](/packages/lipemat-limit-logins/feed)WikiDiscussions master Synced 3w ago READMEChangelog (10)Dependencies (6)Versions (30)Used By (0) Limit Logins ============ [](#limit-logins) [ ![Version](https://camo.githubusercontent.com/24d4156cc7943b5d0f152e41d3f1a8bb87909bd66c0bea246c750b49a88f9531/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c6970656d61742f6c696d69742d6c6f67696e732e7376673f6c6162656c3d76657273696f6e) ](https://github.com/lipemat/limit-logins/releases/latest) [![WordPress](https://camo.githubusercontent.com/396cf55bc48fd8050cb35b71280e1a6c1f1021d7ea4d2f9db7b7409695d30410/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f776f726470726573732d3e3d362e342e302d677265656e2e737667)](https://camo.githubusercontent.com/396cf55bc48fd8050cb35b71280e1a6c1f1021d7ea4d2f9db7b7409695d30410/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f776f726470726573732d3e3d362e342e302d677265656e2e737667) [![PHP](https://camo.githubusercontent.com/456da169bedddbf5bff1809f863df7f184516d5a445699eb2ef19646ce650383/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6c6970656d61742f6c696d69742d6c6f67696e732e7376673f636f6c6f723d62726f776e)](https://camo.githubusercontent.com/456da169bedddbf5bff1809f863df7f184516d5a445699eb2ef19646ce650383/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6c6970656d61742f6c696d69742d6c6f67696e732e7376673f636f6c6f723d62726f776e) [![License](https://camo.githubusercontent.com/a91b28577d8b15756d5113a39667685f5032a632754335cf3bfff7d6b15f3ec1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f6c6970656d61742f6c696d69742d6c6f67696e732e737667)](https://camo.githubusercontent.com/a91b28577d8b15756d5113a39667685f5032a632754335cf3bfff7d6b15f3ec1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f6c6970656d61742f6c696d69742d6c6f67696e732e737667) WordPress plugin that limits the number of concurrent logins for a user. If you really want to prevent brute force attacks and are not concerned with annoying your legitimate users, this plugin may be for you. Purpose ------- [](#purpose) I had been using other limit login attempts plugins for a long time. Every time an attacker can find a way to attempt more logins than the set number, I wrote another extension and unit tests. While writing around something like 30 tests, I realized that no third-party plugin was ever going to provide the desired level of security. This plugin is the combination of every extension and unit test I wrote for the other plugins. Sorry attackers, but I'm over you. :-p Tracks ------ [](#tracks) - User ID - IP Address If the same IP or username fails to log in more than 5 times then neither the user, nor the IP will be able to log in for 12 hours. Notifications ------------- [](#notifications) An email is sent to the blocked user with a link to reset their password or unlock their account. This allows a legitimate user to regain access without waiting for the lockout period to expire. User Security ------------- [](#user-security) ### User Endpoints [](#user-endpoints) By default, WP provides user archives and REST endpoints for your users. Unfortunately, these endpoints expose the usernames of your users and give attackers something to go on. On the settings screen you will find options to disable these endpoints and prevent the exposure of usernames. ### Usernames [](#usernames) This library prevents common admin usernames from being used when creating a new user. Combined with disabling user endpoints, this makes it extremely difficult for an attacker to guess a valid username. ### Oembed Endpoint [](#oembed-endpoint) The oEmbed endpoint exposes the main user's username to the public. This plugin disables oEmbed embedding of the site and REST API. Installation ------------ [](#installation) ``` composer require lipemat/limit-logins ``` Usage ----- [](#usage) ``` require __DIR__ . '/vendor/autoload.php' ``` Notes ----- [](#notes) This plugin is intended to be used within an [OnPoint Plugins](https://onpointplugins.com) project. It is likely going to have a lot of assumptions that are specific to our projects. ### Health Score 49 — FairBetter than 94% of packages Maintenance93 Actively maintained with recent releases Popularity19 Limited adoption so far Community7 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~28 days Recently: every ~56 days Total 28 Last Release 35d ago Major Versions 0.17.2 → 1.0.02024-10-23 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1688181?v=4)[Mat Lipe](/maintainers/lipemat)[@lipemat](https://github.com/lipemat) --- Top Contributors [![lipemat](https://avatars.githubusercontent.com/u/1688181?v=4)](https://github.com/lipemat "lipemat (126 commits)") ### Embed Badge ![Health badge](/badges/lipemat-limit-logins/health.svg) ``` [![Health](https://phpackages.com/badges/lipemat-limit-logins/health.svg)](https://phpackages.com/packages/lipemat-limit-logins) ``` ### Alternatives [mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k18.0M134](/packages/mews-purifier)[oat-sa/tao-core TAO core extension 66140.1k108](/packages/oat-sa-tao-core)[jaxon-php/jaxon-core Jaxon is an open source PHP library for easily creating Ajax web applications 73147.2k29](/packages/jaxon-php-jaxon-core)[paragonie/ecc PHP Elliptic Curve Cryptography library 24772.0k35](/packages/paragonie-ecc) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)