Title: [Plugin: Limit Login Attempts] countdown
Last modified: August 19, 2016

---

# [Plugin: Limit Login Attempts] countdown

 *  Resolved [Roy](https://wordpress.org/support/users/gangleri/)
 * (@gangleri)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/)
 * I noticed this plugin keeps counting down, which actually made me delete it. 
   First I installed it and used the default setting of 5 attempts and tried to 
   see if it worked. It did. I mistyped the login later and the count went down 
   to three and two, so I set the limit to 8 attempts. When I mistype again later
   (another day even), the counter keeps going down. Wouldn’t it be wiser to make
   some kind of time interval for a few hours after which a certain IP is cleared?
   Also, the plugin gives the IP in the options screen, but without the option to
   exclude that very IP from the lockdown. I just didn’t trust from not being locked
   out after some mistypes in the course of some time.
   (Now I installed one that doesn’t count, I may trust that one even less!)

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Contributor [johanee](https://wordpress.org/support/users/johanee/)
 * (@johanee)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/#post-1715662)
 * You can control how long failed login attempts are remembered using the “xx hours
   until retries are reset” setting.
 * The default is 24 hours, and the time is reset at each failed attempt.
 * (If you have 1 failed attempt with 1 hour remaining until reset and fail again
   there will be 2 failed attempts with 24 hours remaining.)
 * Most sites can decrease this value (12 hours?) without major decrease in security
   provided.
 * You can remove a lockout-in-progress, but not whitelist IP’s. Adding such functionality…
   I’m not sure. I want to keep the basic security function as simple as possible.
   Not give an attacker anything to work with to get around the restrictions.
 * I’ll consider it.
 *  Thread Starter [Roy](https://wordpress.org/support/users/gangleri/)
 * (@gangleri)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/#post-1715693)
 * > xx hours until retries are reset
 * Oh boy, did I have s**t in my eyes!
 * > whitelist IP’s
 * Of course there’s the ‘remember me’ function. I never use it, but that’s an option
   for your users.
 * Thank you very much.
 *  Plugin Contributor [johanee](https://wordpress.org/support/users/johanee/)
 * (@johanee)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/#post-1715724)
 * > Of course there’s the ‘remember me’ function.
 * Yes, right. So really no need for a whitelist — good!
 *  [Jason Wong](https://wordpress.org/support/users/eljkmw/)
 * (@eljkmw)
 * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/#post-1715866)
 * It’ll be best to incorporate the “time based” failed attempt reset with a successful
   attempt. For example, 3 attempts are given and the first 2 attempts failed but
   the last attempt succeeded, which should reset the number of failed attempts 
   to zero.
 * I hope that this could be included in the next release. We’re only human, and
   mistakes are bound to happen whenever we type in our passwords …
 * Cheers,
    Jason
 *  Plugin Contributor [johanee](https://wordpress.org/support/users/johanee/)
 * (@johanee)
 * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/#post-1715867)
 * No, this is very much by design.
 * Otherwise it would be possible to try “admin” for allowed retries – 1, and then
   log in to a normal account to reset count. Repeat until password broken.
 * To make that work we would have to keep track of number of retries for every 
   user for every IP, but that would allow a single IP to fill up the DB — not good.
 * Nor can we keep track only per user as that would allow denial of service attacks
   against other users.
 * When you make mistakes you’ll get an ugly warning until the retries are reset.
   I don’t think that is too much trouble really.
 * I can recommend using a password manager. 🙂
 * Also, as this is the fifth time I’m answering this question I’ll put it in the
   FAQ.
 *  [Jason Wong](https://wordpress.org/support/users/eljkmw/)
 * (@eljkmw)
 * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/#post-1715868)
 * You’ve a point there. Thanks for the advice =)
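
The counter behaviour johanee describes in the replies above (each failure restarts the full reset window, and a successful login does not clear the count), as an added Python model that is not part of the thread or the plugin's code. The class and function names, the retry limit of 4, the sample IP addresses and the choice to treat the lockout as lasting until the window expires are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

HOUR = 3600

@dataclass
class RetryLimiter:
    """Simplified per-IP failed-login counter (illustrative model only)."""
    allowed_retries: int = 4          # assumed limit for this example
    valid_hours: int = 24             # "hours until retries are reset" (default per thread)
    reset_on_success: bool = False    # False = the behaviour described as "by design"
    state: dict = field(default_factory=dict)  # ip -> (failures, expiry timestamp)

    def failures(self, ip, now):
        count, expiry = self.state.get(ip, (0, 0))
        return count if now < expiry else 0   # expired entries count as zero

    def hours_until_reset(self, ip, now):
        _, expiry = self.state.get(ip, (0, 0))
        return max(0, expiry - now) / HOUR

    def attempt(self, ip, success, now):
        """Record one login attempt; returns 'locked', 'ok' or 'failed'."""
        if self.failures(ip, now) >= self.allowed_retries:
            return "locked"
        if success:
            if self.reset_on_success:
                self.state.pop(ip, None)
            return "ok"
        # Every failure restarts the full validity window for this IP.
        self.state[ip] = (self.failures(ip, now) + 1, now + self.valid_hours * HOUR)
        return "failed"

def timer_example(ip="198.51.100.9"):
    """One failure, then a second failure with 1 hour left on the window."""
    lim = RetryLimiter()
    lim.attempt(ip, success=False, now=0)
    before = lim.hours_until_reset(ip, now=23 * HOUR)
    lim.attempt(ip, success=False, now=23 * HOUR)
    return before, lim.failures(ip, 23 * HOUR), lim.hours_until_reset(ip, 23 * HOUR)

def failed_guesses_accepted(limiter, ip="203.0.113.7", budget=1000):
    """Failed guesses one IP gets through when it also makes a valid login to a
    second account just before each lockout; capped at `budget`."""
    accepted, now = 0, 0
    while accepted < budget:
        now += 1
        if limiter.failures(ip, now) == limiter.allowed_retries - 1:
            limiter.attempt(ip, success=True, now=now)
        if limiter.attempt(ip, success=False, now=now) == "locked":
            break
        accepted += 1
    return accepted
```

With `reset_on_success=False` the IP is locked after the configured number of failures no matter how many valid logins are interleaved; with `reset_on_success=True` the simulation only stops at `budget`, which is the gap johanee's reply points out.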

The topic ‘[Plugin: Limit Login Attempts] countdown’ is closed to new replies.

 * 6 replies
 * 3 participants
 * Last reply from: [Jason Wong](https://wordpress.org/support/users/eljkmw/)
 * Last activity: [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-limit-login-attempts-countdown/#post-1715868)
 * Status: resolved