Hi @lsingh, thanks for reaching out to us!
We have run some tests and firstly we are able to successfully limit WooCommerce logins to 8 using Wordfence > All Options > Brute Force Protection on one of our test sites. Having attempted to be locked out myself on your site, I get a “2 attempts remaining” dialog that is coming from either an alternative security plugin or something included with WooCommerce/your theme. This may have been installed since this topic was created though so please let me know if that is the case. If it has been installed all along, it could be intervening before Wordfence detects the failed attempt.
When people see the blocked screen, you can add some custom text to Wordfence > All Options > Additional Options > Custom text shown on block pages. You can also increase the time, depending on the reason. These settings are in Wordfence > All Options > Brute Force Protection > Amount of time a user is locked out and Wordfence > All Options > Rate Limiting > How long is an IP address blocked when it breaks a rule.
You can read more about Rate Limiting and Brute Force Protection here in our help documentation:
https://www.wordfence.com/help/firewall/brute-force/
https://www.wordfence.com/help/firewall/rate-limiting/
Thanks,
Peter.
