to dircp/wp plugin: limit login attempts reloaded - NOTES rev 4 feb 2022 Category: security cp/wp: classicpress and wordpress webwalker: this type of plugin is essential; but not this one. ....................................................... description: Blocks attempts on your wp-login.php, by ip number Can set it for number of tries allowed. Good summary of what it does, in this review on WordPress.org: https://wordpress.org/support/topic/great-little-plugin-but-some-confusion/ Version recommendation: FREEZE - DO NOT UPDATE - no longer lean and mean. mar 2021 - new version adds many more features, separate menu item with icon, ads for premium. feb 2022 - is getting problem reports in forum, with advice to stick with older version. they try to sell their premium version. That's why there are so many updates, which bring the plugin to the site owners attention (i.e. the useless mail notifications, now the menu item, nag screens etc.). The plugin got worse since they offer a "premium" version. -- mbaieri https://wordpress.org/support/topic/option-to-choose-where-the-menu-should-be/#post-14274370 ....................................................... sources: Plugin page: https://wordpress.org/plugins/limit-login-attempts-reloaded https://www.limitloginattempts.com/ WordPress forums: https://wordpress.org/support/plugin/limit-login-attempts-reloaded https://wordpress.org/search/classicpress+limit-login-attempts/?forums=1 ClassicPress forums: https://forums.classicpress.net/search?q=%22limit%20login%20attempts%22 _______________________________________________________ ➽ Install/config/uninstall: ......................... install: the usual. ......................... settings: Under settings menu. All options and the logs are saved in the wp_options table [jun 2020] ......................... uninstall: - deletes from database? tables: _______________________________________________________ ➽ Notes: There is an original version "limit login attempts" which seems to be abandoned, last updated in 2002. WPChef has revived it as "Reloaded" in mid-2016 and it has consistently had good support and reviews. ......................... Lockout log: - The 'GDPR' setting encrypts the displayed ip number. Untick it to be able to view real ip numbers. (Any past numbers will remain encrypted.) https://wordpress.org/support/topic/lockout-log-ip-addresses-are-not-standard-format/ 19 jul 2019 - Clicking 'Unlock" button unlocks all the ip numbers? all were showing 'unlocked' anyway when i checked; click 'Unlock' disappeared the button, but didn't change status.22 jul 2019 https://wordpress.org/support/topic/my-log-says-unlocked-what-does-it-mean/ "Outdated lockouts get unlocked automatically after the time specified in the plugin config. This has nothing to do with hackers, this is just an indication for an admin that the IP is no longer locked." [16 may 2019] ......................... * problem: massive table bloat https://wordpress.org/support/topic/massive-database-table/ table optimization/repair seemed to fix the problem. ......................... * What makes the IP unblocked? https://wordpress.org/support/topic/what-makes-the-ip-unblocked/ [8 feb 2021] Good question, but no answer so far [28 feb 2021] ......................... * The time reported by the failed login attempts details the wrong timezone https://wordpress.org/support/topic/log-time-wrong-timezone/ [17 feb 2021] Good question, but no answer so far [28 feb 2021] ......................... * Wrong timezone in logs https://wordpress.org/support/topic/log-time-wrong-timezone/ [17 feb 2021] Good question, but no answer so far [28 feb 2021] ......................... * Notify multiple emails on lockout? LLA doesn't do it itself - only accepts one address. But you could make an email forwarder that could go to multiple emails. https://wordpress.org/support/topic/notify-multiple-emails-on-lockout/#post-14015284 [7 feb 2021] ....................................................... more info: ....................................................... other plugins of same type: * Login LockDown https://wordpress.org/plugins/login-lockdown/ 100,000 installs updated to keep up with latest WP. * Loginizer https://wordpress.org/plugins/loginizer/ 1 million installs updated to keep up with latest WP. * Limit Login Attempts (the old one) https://wordpress.org/plugins/limit-login-attempts/ 1 million installs not updated since WP 2.8. _______________________________________________________ begin 26 sep 2019