The error message “You have exceeded number of login attempts. Try again in 999 minutes.” How tom make it in days/hours instead of just minutes.
The Block IP address for field defines the base temporary lockout. It is intentionally limited to 999 minutes because very long fixed lockouts bring no real security benefit.
What you are trying to achieve is already handled by Mitigate aggressive attempts. If you want longer penalties, use escalation instead:
- Keep the base lockout reasonable, for example 30 to 120 minutes.
- Enable Mitigate aggressive attempts and let WP Cerber automatically increase the duration after repeated violations. In the screenshot it escalates to 48 hours after multiple lockouts, which is exactly the behavior you are looking for.
This approach is more efficient because it targets persistent offenders instead of punishing everyone with huge static timers. So the short version: you may not extend the main lockout beyond 999 minutes - by design. Use escalation rules to reach multi-day blocks.
