=== Limit Login Attempts ===
Contributors: snehalpancholi
Tags: security, login, brute force, lockout, ip block
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.1
Stable tag: 1.0.0
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect your WordPress site against brute-force attacks by locking out IP addresses after consecutive failed login attempts.

== Description ==

Limit Login Attempts blocks an IP address after a configurable number of failed login attempts, protecting your site from brute-force and credential-stuffing attacks.

**Features:**

* Configurable attempt threshold and lockout duration
* Extended lockout (24-hour ban) after repeated lockouts
* IP whitelist to protect trusted addresses
* Login form warning showing remaining attempts
* Admin lockout log with unlock/clear actions
* Email notification to admin on lockout events
* Zero performance impact on normal logins

== Installation ==

1. Upload the `limit-login-attempts` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu
3. Go to Settings → Limit Logins to configure

== Frequently Asked Questions ==

= Will this lock out the admin? =
Only if the admin IP is not on the whitelist. We recommend adding your office IP to the whitelist.

= Does it slow down the login page? =
No. The lockout check is a single indexed database query.

= Can I unlock an IP without WP-Admin access? =
You can directly delete the row from the `wp_lla_lockouts` table in phpMyAdmin.

== Changelog ==

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
