A Guide to iThemes Security Pro Lockouts

The image shows a scowling white computer on a blue background. The computer is looking to the right. An area appears to be lit by spotlight, and says "You have been locked out. error If you are a verified user, click the button below and an email will be sent to you with a magic link to bypass the lock out and login to your site." Underneath is a blue button with white text that reads, "Send Magic Link"

iThemes Security Pro lockouts are a way to harden your website against external attacks, including WordPress brute force attacks. In this guide, we’ll cover iThemes Security Pro lockouts and how to use them.

Keep reading for tips to avoid the dreaded lockout screen (in case you or your client has accidentally locked yourself out of your website) and how to release the lockout if it’s triggered. (Locked out? Get the release lockout solution now!)

What Types of iThemes Security Pro Lockouts Are There?

There are multiple ways a lockout can be triggered using the iThemes Security Pro plugin.

The 4 types of iThemes Security Pro lockouts:

1. Host Lockout

A Host Lockout is when someone using the same IP address makes repeated incorrect login attempts.

Set the number of attempts before an IP address is blocked in Security > Settings > Local Brute Force Protection. In the image below, you can see the Max Login Attempts Per Host are set to 5.

In Security > Settings > Global Settings, you can determine what the locked out host will see as a reason for the lockout. The default is set to display a bolded error message.

A screenshot displaying the message field for the Host Lockout MessageYou can use HTML in your message. Allowed tags include: a, br, em, strong, h1, h2, h3, h4, h5, h6, div.

2. User Lockout

A User Lockout is when a username belonging to an existing user is used for multiple incorrect login attempts.

You can set the number of attempts before a user is blocked in Security > Settings > Local Brute Force Protection. In the image below, you’ll see the Max Login Attempts Per User are set to 2.

A screenshot showing the Max Login Attempts Per User set to 2



This article was written by Rebecca Diamond and originally published on WordPress News and Updates from iThemes – iThemes.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

You have to agree to the comment policy.

Show Your ❤️ Love! Like Us
Scroll to Top