The Failed Login Attempt Limit feature in the Simple Membership plugin adds an extra layer of security to your site by limiting the number of consecutive failed login attempts a user can make. Once the defined limit is reached, the user will be temporarily locked out for a specified period of time. This helps protect your site against brute-force login attacks and unauthorized access attempts. In this guide, you’ll learn how to enable, configure, and customize this feature to suit your site’s security needs.
Table of Contents
- How the Failed Login Attempt Limit Works
- How to Enable Failed Login Attempt Limit
- How to Test This Feature
How the Failed Login Attempt Limit Works
The Failed Login Attempt Limit feature is designed to protect your site from brute-force attacks by temporarily locking out users who repeatedly enter incorrect login credentials.
When this feature is enabled:
- The plugin tracks the number of failed login attempts made by each visitor (based on IP address).
- If a visitor exceeds the maximum allowed number of failed attempts (which you can configure), the plugin will temporarily block further login attempts from that IP.
- The visitor will see a message indicating they have been locked out and will need to wait for the lockout period to expire before trying again.
- After the lockout period ends, the visitor can attempt to log in again.
This feature helps safeguard your membership site by slowing down and discouraging automated login attacks, while still allowing legitimate users to try again after a short wait.
How to Enable Failed Login Attempt Limit
To enable the Failed Login Attempt Limit feature, follow these steps:
- From your WordPress dashboard, navigate to
Simple Membership>Settings. - Click on the Advanced Settings tab to access additional configuration options.
- Find the option labeled “Enable Failed Login Attempt Limit“. Check the box to activate the feature.
- Click the Save Settings button to apply the changes.
Refer to the screenshot below for details on this settings option.
How to Test This Feature
For testing purposes, you can set the active login limit to 2. Then open a new browser where you are not logged into any account (for example, you can use an incognito browser to test this).
Try logging in with a valid username (or email) but an incorrect password. Repeat this process until you reach the number of failed attempts you set in the “Maximum Failed Login Attempts” setting.
After exceeding the limit, you should see an error message indicating that you’ve been locked out.
After the lockout duration ends (based on your “Lockout Time in Minutes” setting), try logging in again with the correct credentials. You should now be able to log in successfully, confirming that the feature is working as expected.