Limit Login Attempts DoLogin

GeoLocation (Continent/Country/City) or IP range to limit login attempts. Support Whitelist and Blacklist. Will have free text SMS message passcode fo …

Author:WPDO (profile at
WordPress version required:4.0
WordPress version tested:5.4.1
Plugin version:2.8
Added to WordPress repository:27-09-2019
Last updated:27-05-2020
Rating, %:100
Rated by:2
Plugin URI:
Total downloads:21 663
Active installs:1 000+
plugin download
Click to start download

In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.

Limit the number of login attempts through both the login and the auth cookies.

  • Free text SMS message passcode for 2nd step verification support.

  • Google reCAPTCHA.

  • GeoLocation (Continent/Country/City) or IP range to limit login attempts.

  • Passwordless login link.

  • Support Whitelist and Blacklist.

  • GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).

  • WooCommerce Login supported.

  • XMLRPC gateway protection.


  • Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : ''; to generate one passwordless login link for the current user.

  • Call the function $link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note/tip for this generation', $user_id ) : ''; to generate a passwordless login link for the user which ID is $user_id.

The generated one-time used link will be expired after 7 days.

  • Define const SILENCE_INSTALL to avoid redirecting to setting page after installtion.


  • List all passwordless links: wp dologin list

  • Generate a passwordless link for one username (for the login name root): wp dologin gen root

  • Delete a passwordless link w/ the ID in list (for the record w/ ID 5): wp dologin del 5

How GeoLocation works

When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist/blacklist to decide if allow login attempts.


The online IP lookup service is provided by The provider’s privacy policy is

Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.