To prevent Brute Force Attacks, we have added a WordPress login attempt limitation to 10Web hosted websites. To adjust login attempt parameters, you will need to define constants in the wp_config.php file:
The number of fails until user is blocked.
define('TW_LOCKOUT_TIME', '10800'); \\in seconds
How long the user is blocked.
define('TW_FAILED_ATTEMPTS_TIME', 300 ); \\in seconds
Time frame within which user must fail in order to be blocked. For example; if user fails 5 times in 1 hour, user is blocked.
define('TW_LOCKOUT_MESSAGE ', ' You have been locked out due to too many invalid login attempts'); \\
Message when user becomes blocked.