Limit Login Attempts DoLogin

GeoLocation (Continent/Country/City) or IP range to limit login attempts. Support Whitelist and Blacklist. Will have free text SMS message passcode fo …

Author:WPDO (profile at wordpress.org)
WordPress version required:4.0
WordPress version tested:6.3.3
Plugin version:3.8
Added to WordPress repository:27-09-2019
Last updated:13-09-2023
Rating, %:90
Rated by:12
Plugin URI:
Total downloads:120 893
Active installs:4 000+
plugin download
Click to start download

In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.

Limit the number of login attempts through both the login and the auth cookies.

  • Two-factor Authentication login.

  • Text SMS message passcode for 2nd step verification support.

  • Google reCAPTCHA.

  • GeoLocation (Continent/Country/City) or IP range to limit login attempts.

  • Passwordless login link.

  • Support Whitelist and Blacklist.

  • GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).

  • WooCommerce Login supported.

  • XMLRPC gateway protection.

API

  • Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : ''; to generate one passwordless login link for the current user.

  • Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note/tip for this generation', $user_id ) : ''; to generate a passwordless login link for the user which ID is $user_id.

The generated one-time used link will be expired after 7 days.

  • Define const SILENCE_INSTALL to avoid redirecting to setting page after installtion.

CLI

  • List all passwordless links: wp dologin list

  • Generate a passwordless link for one username (for the login name root): wp dologin gen root

  • Delete a passwordless link w/ the ID in list (for the record w/ ID 5): wp dologin del 5

How GeoLocation works

When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist/blacklist to decide if allow login attempts.

Privacy

The online IP lookup service is provided by https://www.doapi.us. The provider’s privacy policy is https://www.doapi.us/privacy.

Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.


Screenshots
ChangeLog