to dircp/wp plugin: limit login attempts reloaded - NOTES rev 13 oct 2022 Category: security cp/wp: classicpress and wordpress webwalker: this type of plugin is essential; but maybe not this one. (why not? can't remember) ....................................................... description: Blocks attempts on your wp-login.php, by ip number Can set it for number of tries allowed. Good summary of what it does, in this review on WordPress.org: https://wordpress.org/support/topic/great-little-plugin-but-some-confusion/ Version recommendation: FREEZE - DO NOT UPDATE - no longer lean and mean. mar 2021 - new version adds many more features, separate menu item with icon, ads for premium. feb 2022 - is getting problem reports in forum, with advice to stick with older version. they try to sell their premium version. That's why there are so many updates, which bring the plugin to the site owners attention (i.e. the useless mail notifications, now the menu item, nag screens etc.). The plugin got worse since they offer a "premium" version. -- mbaieri https://wordpress.org/support/topic/option-to-choose-where-the-menu-should-be/#post-14274370 ....................................................... sources: Plugin page: https://wordpress.org/plugins/limit-login-attempts-reloaded https://www.limitloginattempts.com/ WordPress forums: https://wordpress.org/support/plugin/limit-login-attempts-reloaded https://wordpress.org/search/classicpress+limit-login-attempts/?forums=1 ClassicPress forums: https://forums.classicpress.net/search?q=%22limit%20login%20attempts%22 _______________________________________________________ ➽ Install/config/uninstall: ......................... install: the usual. ......................... settings: Under settings menu. All options and the logs are saved in the wp_options table [jun 2020] ......................... uninstall: - deletes from database? tables: _______________________________________________________ ➽ Notes: There is an original version "limit login attempts" which seems to be abandoned, last updated in 2002. WPChef has revived it as "Reloaded" in mid-2016 and it has consistently had good support and reviews. ......................... Lockout log: - The 'GDPR' setting encrypts the displayed ip number. Untick it to be able to view real ip numbers. (Any past numbers will remain encrypted.) https://wordpress.org/support/topic/lockout-log-ip-addresses-are-not-standard-format/ 19 jul 2019 - Clicking 'Unlock" button unlocks all the ip numbers? all were showing 'unlocked' anyway when i checked; click 'Unlock' disappeared the button, but didn't change status.22 jul 2019 https://wordpress.org/support/topic/my-log-says-unlocked-what-does-it-mean/ "Outdated lockouts get unlocked automatically after the time specified in the plugin config. This has nothing to do with hackers, this is just an indication for an admin that the IP is no longer locked." [16 may 2019] ......................... How to unblock yourself: > The idea is to change your IP (which got blocked) and log in using another IP. Then unblock your blocked IP from the admin interface of the plugin. * Log in from another ISP, for example from your phone using mobile Internet and not wifi. Or * Turn off your router (if any), wait for a few minutes and then turn it on in hope that its IP changes. > Last resort, through SFTP or SSH, rename the plugin folder to deactivate it. ......................... * problem: massive table bloat https://wordpress.org/support/topic/massive-database-table/ table optimization/repair seemed to fix the problem. ......................... * What makes the IP unblocked? https://wordpress.org/support/topic/what-makes-the-ip-unblocked/ [8 feb 2021] Good question, but no answer so far [28 feb 2021] ......................... * The time reported by the failed login attempts details the wrong timezone https://wordpress.org/support/topic/log-time-wrong-timezone/ [17 feb 2021] Good question, but no answer so far [28 feb 2021] ......................... * Wrong timezone in logs https://wordpress.org/support/topic/log-time-wrong-timezone/ [17 feb 2021] Good question, but no answer so far [28 feb 2021] ......................... * Notify multiple emails on lockout? LLA doesn't do it itself - only accepts one address. But you could make an email forwarder that could go to multiple emails. https://wordpress.org/support/topic/notify-multiple-emails-on-lockout/#post-14015284 [7 feb 2021] ....................................................... more info: ....................................................... other plugins of same type: * Login LockDown https://wordpress.org/plugins/login-lockdown/ 100,000 installs updated to keep up with latest WP. * Loginizer https://wordpress.org/plugins/loginizer/ 1 million installs updated to keep up with latest WP. * Limit Login Attempts (the old one) https://wordpress.org/plugins/limit-login-attempts/ 1 million installs not updated since WP 2.8. _______________________________________________________ begin 26 sep 2019