🎉 Use coupon MYXERO to enjoy 20% recurring discount on any plan. View Pricing
XeroWP
Login Delay Shield
Login Delay Shield

Login Delay Shield

4.4/5 (5 ratings) 90 active installs Updated Mar 30, 2026
Brute Forcelockoutloginsecurityxmlrpc
Download v2.2.3 Plugin Website
Settings page with delay configuration options.

Settings page with delay configuration options.

WordPress is one of the most widely used content management systems on the internet, making it a frequent target for bots and hackers attempting brute-force attacks.

A brute-force attack works by systematically trying passwords until finding the correct one. Login Delay Shield defends against this by adding a configurable delay after each failed login attempt. Since successful logins are never delayed, legitimate users experience no slowdown. This approach is particularly effective against bots that send thousands of login requests, as each failed attempt forces the attacker to wait before trying the next password.

Features:

  • Login delay — Fixed or random delay on failed login attempts (1-10 seconds)
  • Progressive delay — Delay increases with each consecutive failed attempt from the same IP
  • IP lockout — Temporarily block IP addresses after too many failed attempts
  • Username-aware lockout strategy — Choose IP only or IP + username to reduce false positives on shared networks
  • Login feedback — Shows remaining attempts before lockout and a lockout countdown when blocked
  • IP whitelist — Bypass all security measures for trusted IPs (supports CIDR notation)
  • Email notifications — Receive alerts when failed login thresholds are reached
  • Failed login log — Track all failed attempts with a dashboard widget showing recent activity and 7-day trends
  • XML-RPC protection — Apply delays to XML-RPC authentication or block it entirely
  • Custom login URL — Move the login page to a custom URL to reduce automated bot traffic targeting /wp-login.php
  • Log retention — Automatic cleanup of old log entries (configurable retention period)
  • Accessible admin interface — WCAG 2.1 compliant with keyboard navigation and screen reader support
  • Multilingual — Translated into 18 languages including French, German, Spanish, Japanese, Chinese, Arabic, and more
  • Lightweight and compatible with other security plugins

This plugin is not a complete security solution — dedicated security plugins offer more comprehensive protection. However, Login Delay Shield adds an effective layer of defense that works alongside your existing security measures without conflict.

Note: This plugin was formerly known as “WP Login Delay”.

Contribute

Found a bug or want to suggest an improvement? Open a thread in the support forum on WordPress.org.

Want to help translate the plugin into your language? Visit translate.wordpress.org.