WordPress Security: Limit login attempts without using any plugins | brute force attack | 2021
WordPress tutorial: By adding a code to the theme’s functions.php you can Limit access to WordPress Login without using any plugins. The code can be customized as per your requirement – you can change the message to appear, change the number of failed attempts to be made, and as well the wait time for wrong attempts to access your WordPress website.
However, please note that in case you forgot your password and are locked out and want to access the site, you will have to access the cPanel or FTP and remove the code that has been added – then the time limit will be removed unless the code has been added.
Hope this adds extra security to your WordPress website.