Rate limiting not working?

Hi im new and trying to get rate limiting working


‘protect your login’ and i entered https://harddrive.app/wp-admin/
i tried to get myself blocked by typing in wrong id/password and it doesnt block me?
am i being protected? i want to protect myself from DDOS & brute force
thank you

wp-admin isn’t your login. Your login would be at https://example.com/wp-login.php
And it’s only going to Rate Limit if you hit that URL a bunch of times in a few minutes.

Just for fun, I did hit your wp-admin URL a few times. After the third hit, it rate limited me.

For my WordPress sites, I do two things:

  1. Install Wordfence. It will protect your login, and a whole lot more.
  2. Use Cloudflare’s Firewall Rules. I block anything that doesn’t come from my home’s IP address. You’ll want to tinker with Firewall Rules a bit for what works best for you.
  3. Optionally: Use Cloudflare’s Page Rules and Match the login URL and set Security Level to Under Attack.

Thank you sdayman!
You are spot on.
I was able to ban myself as well. It didn’t before but next time I will wait an hour or two.
I have dynamic IP so I can’t do that but I did but the captcha is not showing on login.