Rating: 1 star

Well I have been using this for a while and since I didn’t have any issues I could only assume it was working. I was sadly and poorly mistaken. Today my site was under such a heavy brute force attack that my hosting company shut down my site to protect their own servers from crashing. They said I had over 700,000 login attempts in less than an hour. This plugin DOES NOT WORK! DO NOT RELY ON IT!

Rating: 3 stars

This plugin seems to be working fine however, there is no documentation within the plugin’s settings page. Zero, zilch, nadda. Three of the four settings available *are* self-explanatory, but the last setting is for a whitelist of IP’s.

I had to come here to the plugin’s page, where I was able to glean some information from throughout the page. The specifics of constructing the whitelist is unfortunately still undocumented.

In one area of the page it is indicated that “you can input a whitelisted IP address (or multiple addresses separated with commas or spaces)”.

In another area of the page it says “Partial IP address matching for dynamically-allocated IP addresses”.

That is great, but while I was able to get some information about how to use the whitelist, the information that was available (which should have been included on the plugins’ setting page) is still ambiguous.

In what manner are we to represent partial IP address matching?
– 123.456.789.* or 123.456.789.000 or 123.456.789. or 123.456.*.* or 123.456.0.0 or in some other manner that I did not use as an example above? We don’t know what calls the plugin is looking for to recognize the partial IP’s, and there is no documentation indicating how to properly enter the whitelist. Because of this, I am uncertain if I am using the plugin correctly.

My request is this: Please add this information to the settings page of the plugin. There is more that enough room there.

Rating: 5 stars

Perfect Plugin – it blocks Botnets. And other things too. I have a Private Galleries area on my site and once the “blocker” is activated no-one can sign in to these Private Galleries either?
I’m using this plugin with Wordfence without apparent conflict.
Also using the whitelist feature without any problems. I’m on (3) dynamic IP address ranges.
Five stars even though I’d also like to extend the 5 hour blocking limit to 24 or more.

Rating: 5 stars

Thank you for this. My host recommended this plugin to me after my server was brought to its knees for the billionth time. I was using the limit-login-attempts plugin, and it worked for a while, until the botnet adapted and started using hundreds of a different IPS only a few times instead of a few IPS many times.

My only concern is that because I work remotely (from coffee shops, etc.) often, if I get locked out of my site when I am not on a whitelisted IP it’s kind of a problem. I hope that captcha support is coming soon.

Rating: 5 stars

I would like to use this in Multisite and be able to control the settings for all blogs from the main admin dashboard. I do not need individual blog admins to control this. I would be willing to donate to get this working in Multisite. I need this quickly since I keep getting attacked.

Rating: 5 stars

I installed this plugin on several of my most “active” sites. It was as if millions of voices suddenly cried out in terror, and were suddenly silenced. In a good way.

There are some situations where I cannot use .htaccess, and this plugin is especially helpful there. I will be interested to try any human-only bypass options you might include in the future (captcha, math problem)

Thank you

Rating: 5 stars

So far, working like a charm. Seems to be keeping the bots (and everyone else) at bay.

Rating: 5 stars

It’s time to replace outdated IP based login limiters with this one. Kudos to the author.

One side note, on all three sites I’ve installed it on, upon activation I received an error: “The plugin does not have a valid header.”
However it was possible to activate it from the main list of installed plugins.

Rating: 5 stars

I think this is the best solution in case of attacks. But can I use this plugin and Better WP Security plugin too?
If I turn off lockout feature for Better WP can I safely use this plugin instead?

Rating: 5 stars

We have monitors that check our web and MySQL servers every 5 minutes so we have been well aware when DDoS attacks have been happening to our servers. We tried other lockout plugins, but they are completely useless against DDoS attacks. They seemed to like 2 of the 10 WordPress sites I manage…and WordPress versions doesn’t seem to have any influence on what sites get hit.

I was actually able to test this plugin during an actual DDoS attack. Our web and MySQL servers were spiked until this plugin activated. Once activated, both servers returned to normal.

This plugin does exactly what it says. It locks your site completely down to where absolutely no one can login during an attack unless they have a static IP address and that IP address is listed in the IP white list.

It’s a bit extreme, but extreme attacks require extreme security measures and I’d rather have to tell a customer to get a static IP address (for security reasons) than have to explain to them why their site is down. I set the lockout time to its maximum setting of 5 hours and the time between invalid attempts to 1 minute. I want things locked down ASAP when these %*#&#’s start hitting our servers.

Rating: 5 stars

Bravo!.

Rating: 5 stars

Does what it says on the tin – exactly what I needed ??