Update 3/10: We will be starting the removal across our platform on 3/11 and believe we will be finished on 3/13.

At WP Engine we are committed to keeping your WordPress sites secure. As our customers, you entrust us with that responsibility. With that in mind, we’ve decided to replace the Must Use plugin, Limit Login Attempts, with our proprietary security built into our platform.

Here are answers to questions you may have about this change:

What’s replacing Limit Login Attempts?
We’re replacing the plugin with an addition to our existing proprietary security systems. This addition is intelligent, reactive software that constantly learns and adapts to threats and takes action.

Why are you doing this?
The primary reason is that by bringing this security in house, we can react to the ever-changing security landscape much faster. The Limit Login Attempts plugin hasn’t been updated in two years, forcing us to maintain the code on our platform to ensure compatibility. Secondly, some customers had a poor experience with Limit Login Attempts, sometimes having to change their workflow to accommodate it.

What does this mean?
On Wednesday, March 2nd, we will be removing the Limit Login Attempts plugin from every site on our system. Our platform security will now ensure that bad actors can’t log in to your site.

What do I need to do?
You don’t need to do anything; your security is in our hands. Most customers won’t even notice a change in their sites.

What if I want to continue to use Limit Login Attempts?
While we do not recommend using the plugin any longer as it will not be supported, we won’t prohibit you from reinstalling it. We recommend you install the plugin from the WordPress repository. If you have issues with the plugin, you’ll need to contact the plugin developer, as we cannot provide direct support for the plugin after it is removed.

Dustin Meza, Senior Manager, Customer Experience Operations