OTP Rate Limiter
Customize OTP request limits to control SMS frequency and prevent abuse.
WSMS includes a rate limiter to prevent OTP abuse. By default, users can request 5 OTPs within a 5-minute period. You can customize both the time interval and request count using filters.
Available Filters
wp_sms_otp_rate_limit_time_interval
Defines the time window for rate limiting.
add_filter('wp_sms_otp_rate_limit_time_interval', 'your_callback');| Parameter | Type | Description |
|---|---|---|
$interval | DateInterval | The time interval in ISO 8601 format |
wp_sms_otp_rate_limit_count
Specifies the maximum number of OTP requests allowed within the time interval.
add_filter('wp_sms_otp_rate_limit_count', 'your_callback');| Parameter | Type | Description |
|---|---|---|
$count | int | Maximum allowed requests |
Examples
Restrict to 1 Request Every 2 Minutes
add_filter('wp_sms_otp_rate_limit_time_interval', function($interval) {
return new DateInterval('PT2M'); // 2 minutes
});
add_filter('wp_sms_otp_rate_limit_count', function($count) {
return 1;
});Allow 3 Requests Per Hour
add_filter('wp_sms_otp_rate_limit_time_interval', function($interval) {
return new DateInterval('PT1H'); // 1 hour
});
add_filter('wp_sms_otp_rate_limit_count', function($count) {
return 3;
});Stricter Limit: 1 Request Every 5 Minutes
add_filter('wp_sms_otp_rate_limit_time_interval', function($interval) {
return new DateInterval('PT5M'); // 5 minutes
});
add_filter('wp_sms_otp_rate_limit_count', function($count) {
return 1;
});DateInterval Format Reference
| Format | Duration |
|---|---|
PT1M | 1 minute |
PT5M | 5 minutes |
PT30M | 30 minutes |
PT1H | 1 hour |
PT24H | 24 hours |
Use Cases
- Prevent OTP abuse and spam
- Control SMS costs by limiting request frequency
- Implement stricter policies for high-security applications
- Apply lenient limits for better user experience
Related
- wp_sms_otp_generated - Action hook when OTP is generated
Last updated: December 23, 2024