To prevent Brute Force Attacks, we have added a WordPress login attempt limitation to 10Web hosted websites. To adjust login attempt parameters, you will need to define constants in the wp_config.php file:

define('TW_FAILED_LOGIN_ATTEMPTS_COUNT', 5); 

The number of fails until user is blocked.

define('TW_LOCKOUT_TIME', '10800');   \\in seconds

How long the user is blocked.

define('TW_FAILED_ATTEMPTS_TIME', 300 ); \\in seconds 

Time frame within which user must fail in order to be blocked. For example; if user fails 5 times in 1 hour, user is blocked.

define('TW_LOCKOUT_MESSAGE ', ' You have been locked out due to too many invalid login attempts');  \\ 

Message when user becomes blocked.