A number of our dear clients were asking for this feature after the release of our new dashboard — and now we are happy to introduce it to all of our users!

Rate limiting allows you to define the number of requests that a single client could send to your site over any period of time. It works the same way as limit_req (Nginx) or mod_evasive (Apache), but without any configuration from the server side. One way you could use it would be to help lower the load on your server (in case you’re dealing with abusive clients), if you don’t want to completely block them just yet.

A common type of attack is when someone tries to bruteforce your WordPress admin dashboard. To mitigate this, you can create a Custom Rule: When URL contains /wp-login.php – limit rate to 60/3600 (req/s).

You could also use it in other cases, like:

• the clients are abusing certain URL
• the clients are sending too much requests with certain User-Agent
• these are the users from certain country
• any of the above in any combinations

Find out more about our Custom Rules Editor here.