Read For Learn

Why isn’t the login page rate limited by default?

Brute force attacks seem to be the most common vulnerability on WP installs

  1. Brute force attacks are not a WordPress vulnerability. They are a password vulnerability, if bad passwords are used.
  2. They are common, but whether they are “the most common” in occurrences and, more importantly, breaches is questionable.

rate limiting ought to be relatively easy to bake into WP itself

Have you tried to bake this easy thing? 🙂

I am yet to see a login “security” plugin that didn’t cause login issues long term, clash with less-than-mainstream browsers, clash with password manager applications, and so on. OK, maybe there is one I can think of — for Google 2FA.

Anyone has yet to demonstrate that this easy thing can be done reliably in a plugin. Doing it at core scale? Ugh.

Why isn’t this basic security feature included by default?

So there you have it:

  1. It’s not basic.
  2. It’s not easy to implement.
  3. It works just fine without it.
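
As an added illustration (not part of the original answer and not WordPress core code), here is a minimal failed-login throttle built on the `wp_login_failed` action and the `authenticate` filter. The `ex_` names, the threshold and the window are assumptions, and the comments mark the shortcuts that make a reliable version harder than it looks.

```php
<?php
/**
 * Plugin Name: Example login throttle (illustrative, added example)
 */

const EX_MAX_FAILURES = 5;   // assumed threshold
const EX_WINDOW       = 900; // assumed window, in seconds

// Hypothetical helper: one counter key per client IP, one per username.
function ex_throttle_keys( $username ) {
    // Behind a CDN or load balancer REMOTE_ADDR is the proxy's address,
    // so all visitors share one counter unless the client IP is read
    // from a header that the proxy is trusted to set.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // md5 only shortens the transient name; it is not a security control.
    return array(
        'ex_fail_ip_' . md5( $ip ),
        'ex_fail_user_' . md5( strtolower( (string) $username ) ),
    );
}

// Count every failed attempt against both counters.
add_action( 'wp_login_failed', function ( $username ) {
    foreach ( ex_throttle_keys( $username ) as $key ) {
        // Read-then-write is not atomic: parallel requests can undercount.
        // Each write also restarts the expiry, so the window slides.
        $count = (int) get_transient( $key );
        set_transient( $key, $count + 1, EX_WINDOW );
    }
} );

// Priority 30 runs after core's username/password check (priority 20),
// so a throttled client is refused even with the correct password.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( '' === (string) $username ) {
        return $user; // login form merely displayed, nothing submitted
    }
    foreach ( ex_throttle_keys( $username ) as $key ) {
        if ( (int) get_transient( $key ) >= EX_MAX_FAILURES ) {
            // Trade-off: the per-username counter also locks out the
            // legitimate owner while someone else keeps failing.
            return new WP_Error( 'ex_too_many_attempts',
                'Too many failed login attempts. Try again later.' );
        }
    }
    return $user;
}, 30, 3 );
```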

© 2026 Read For Learn