If someone tries to login multiple times, is a message displayed to them when they reach the limit and get locked out? I haven’t seen that happen and don’t know how to turn it on if it’s an option.
]]>I have had several messages to say my customers are locked out, now i am locked out?
Claims too many login attempts, and is locked for 9999hrs. This is for accessing the back end of my site, so i am unable to disable app.
As you can imagine this is somewhat problematic.
Is there anything that can be done?
Regards
Nick
]]>After updating to the latest version 2.26.16, GDPR compliance window appears also on some (maybe 10%) of my blog pages (like the url of this topic). Even if I disable the function in the plugin settings. Is there a known issue? Thanks a lot and best regards ??
]]>After updating to the latest version 2.26.15, GDPR compliance does no longer only appears on pages with login, e.g. the WP login page, but suddenly also on all frontend pages – even if the close button (x) has been pressed. Is there a known issue? Thanx a lot for your help.
]]>Hi,
With the upcoming WP 6.7 (currently in beta) a PHP notice is thrown if load_plugin_textdomain() is not loaded in “init” hook:
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the limit-login-attempts-reloaded domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in wp-includes/functions.php on line 6099
Could you fix it? Thanks!
]]>We have this plugin installed and activated on 3 different sites. With 2 of the sites, the body of the email comes out perfectly with all the information; on the 1 site we get the email notification but the body of the email is completely blank.
Incidentally, the 2 sites were the email is successful happen to be PHP 7.4, the site that the email is blank is PHP 8.2. Is this a coincidence or the issue?
Thank you in advance for your suggestions.
]]>
2024/09/30 05:11:25 [error] 75501#75501: *65498 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined
2024/09/30 05:11:15 [error] 75501#75501: *65482 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: Undefined array key "date" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 42PHP message: PHP Warning: Undefined array key "counter" in /www/wpsitesnet_162/public/wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 45PHP message: PHP Warning: UndefinedHi.
I am not able to add additional IP (mobile phone’s IP) to safelist.
I mean …
I can add it in plug in but it doesen’t work.
When i try to access login page of my website i constantly get 403-Forbidden (Access to this resource on the server is denied!).
I don’t even reach the WP login form at mysite.com/wp-admin …
Can someone suggest a solution?
Thanks in advance and kind regards.
]]>Using the free version of LLAR.
I blocked some countries with LLAR, like Russia, but people from Russia can still open my website and register new users too. I still must deny the status manually to many new russian users, every day. Is it normal?
Users cannot login with email address.
]]>We have been blocked although our country was allowed. Is there an option to have a secret key to unblock?
]]>This plugin is overriding the Ultimate Member plugin awaiting_email_confirmation login error message ‘Your account is awaiting email verification’ with the default message ‘Incorrect username or password’. I see this is set in your function fixup_error_messages.
]]>I’ve just upgraded to the free Micro Cloud (for which, thanks) with the idea I would Deny all usernames except for my admin username which I would Allow. However a thought occurred – by doing this am I potentially tipping off a brute force attacker that they have uncovered my username and that all they have to do now is brute force out my password? If they were to hit on my username and therefore the plugin allows them to enter passwords, would this not tell them they have correctly uncovered my username? Silly question perhaps, but jumping at shadows isn’t a bad approach to online security.
]]>Hi, I have inserted your plugin and I have actually realized that the site, after a virus, is the object of continuous attack: in the sense that I have now realized that there are hundreds of access requests every day. I have changed the password by setting a very difficult one but the requests continue to be there, I have decreased the number of access attempts and increased the lookout time but what else can I do to discourage and block this situation?
The attacker is known to use a proxy with which he changes IP every 2/3 minutes, so I can’t even block by IP, strain or state
Thanks
]]>It looks like this should be checked related to PHP 8.3
PHP Deprecated: Use of “self” in callables is deprecated in ../limit-login-attempts-reloaded/core/Helpers.php on line 138
Getting a bunch of deprecated errors from LLAR on the login screen:
Deprecated: Use of "self" in callables is deprecated in /wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 138
Deprecated: stripslashes(): Passing null to parameter #1 ($string) of type string is deprecated in /wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 142
Deprecated: Use of "self" in callables is deprecated in /wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 138
Deprecated: stripslashes(): Passing null to parameter #1 ($string) of type string is deprecated in /wp-content/plugins/limit-login-attempts-reloaded/core/Helpers.php on line 142
Deprecation notices on PHP 8.2 and up, which be errors on PHP 9.0 and up so this needs to be addressed. Feels like simple fixes. I’ll open some PRs if you could approve and merge. I’ll post links below as I write them.
—
FIXES
Here’s a fix for the stripslashes() issue: https://github.com/WPChef/limit-login-attempts-reloaded/pull/191
LLAR version: 2.26.11
To reproduce:
Instead of steps 2 & 3 you can also use any page with tab= in the query string, so going to /wp-admin/profile.php?tab=settings will produce the same error without the need for another plugin.
That will produce many errors, the first is:
[30-Jun-2024 14:57:40 UTC] PHP Warning: Undefined array key 2 in CENSORED\wp-admin\includes\plugin.php on line 1890
[30-Jun-2024 14:57:40 UTC] PHP Stack trace:
[30-Jun-2024 14:57:40 UTC] PHP 1. {main}() CENSORED\wp-admin\admin.php:0
[30-Jun-2024 14:57:40 UTC] PHP 2. require() CENSORED\wp-admin\admin.php:158
[30-Jun-2024 14:57:40 UTC] PHP 3. require_once() CENSORED\wp-admin\menu.php:422
[30-Jun-2024 14:57:40 UTC] PHP 4. do_action($hook_name = 'admin_menu', ...$arg = variadic('')) CENSORED\wp-admin\includes\menu.php:161
[30-Jun-2024 14:57:40 UTC] PHP 5. WP_Hook->do_action($args = [0 => '']) CENSORED\wp-includes\plugin.php:517
[30-Jun-2024 14:57:40 UTC] PHP 6. WP_Hook->apply_filters($value = '', $args = [0 => '']) CENSORED\wp-includes\class-wp-hook.php:348
[30-Jun-2024 14:57:40 UTC] PHP 7. LLAR\Core\LimitLoginAttempts->admin_menu('') CENSORED\wp-includes\class-wp-hook.php:324
[30-Jun-2024 14:57:40 UTC] PHP 8. remove_submenu_page($menu_slug = 'limit-login-attempts', $submenu_slug = 'limit-login-attempts') CENSORED\wp-content\plugins\limit-login-attempts-reloaded\core\LimitLoginAttempts.php:758The bug is in limit-login-attempts-reloaded\core\LimitLoginAttempts.php function admin_menu(), the specific code starts at line 741:
$index = 1;
foreach ( $submenu_items as $item ) {
add_submenu_page(
$this->_options_page_slug,
$item['name'],
$item['name'],
'manage_options',
$this->_options_page_slug . $item['url'],
array( $this, 'options_page' )
);
if ( ! empty( $_GET['tab'] ) && $_GET['tab'] === $item['id'] ) {
$submenu[$this->_options_page_slug][$index][4] = 'current';
}
$index++;
}This code creates the submenu pages for llar, and sets the CSS class to ‘current’ if needed. However, the code does not check if the current page is llar, so $submenu[$this->_options_page_slug][$index][4] = 'current'; is executed if &tab matches no matter the page the user is on.
The problem comes if the user is on a page like ?page=myplugin&tab=settings. That causes the error above if the user does not have the capability to show llar, and also if the user does have the capability then the item will have the ‘current’ class added even though it isn’t the current page.
The following is a tested fix, though I imagine there are other ways to do it:
global $plugin_page;
$is_llar_page = $plugin_page === $this->_options_page_slug;
$index = 1;
foreach ( $submenu_items as $item ) {
add_submenu_page(
$this->_options_page_slug,
$item['name'],
$item['name'],
'manage_options',
$this->_options_page_slug . $item['url'],
array( $this, 'options_page' )
);
if ( $is_llar_page && ! empty( $_GET['tab'] ) && $_GET['tab'] === $item['id'] ) {
$submenu[$this->_options_page_slug][$index][4] = 'current';
}
$index++;
}How do I delete this plugin?
Why is it not in the plugins directory?
What other name could it be called in my plugins folder?
Please advise.
]]>Here are my Limit Login Attempts Reloaded settings (LLAR):
4 allowed retries, 20 minutes lockout, 4 lockouts increases lockout times to 24 hours, 24 hours until retries are reset.
See the link below about the issue with LLAR interacting with Paid Memberships Pro. The issue has been known for at least one year. Did you ever contact them to resolve the issue?
https://www.ads-software.com/support/topic/limit-login-attempt-reloaded-for-custom-login-page/
When I test out LLAR by doing the following:
The result is always the same, that is:
At this point, I have to delete the plugin because it doesn’t work. No need to give a review for something that doesn’t work for me.
Ron
]]>After updating to latest Version 2.26.10 following PHP warnings are shown in debug logs.
PHP Warning: Undefined array key "continent_code" in /public_html/blog/wp-content/plugins/limit-login-attempts-reloaded/core/Ajax.php on line 451
PHP Warning: Undefined array key "offset" in /public_html/blog/wp-content/plugins/limit-login-attempts-reloaded/core/Ajax.php on line 677=== Environment
– WordPress: 6.6-beta3
– PHP: 8.3.8
– Server: LiteSpeed
– Database: mysqli (Server: 10.6.18-MariaDB / Client: mysqlnd 8.3.8)
– Browser: Edge 126.0.0.0 (Windows 10/11)
– Theme: Twenty Twenty-Four 1.1
– MU-Plugins:
* block-automation-by-installatron.php
* Health Check Troubleshooting Mode 1.9.0
– Plugins:
* Core Rollback 1.3.5
* Enable jQuery Migrate Helper 1.4.0
* Health Check & Troubleshooting 1.7.0
* Limit Login Attempts Reloaded 2.26.10
* Plugin Check (PCP) 1.0.1
* Plugin Compatibility Checker 3.0.1
* Query Monitor 3.16.3
* Stop User Enumeration 1.6
* WordPress Beta Tester 3.5.5
* WP Hooks Finder 1.3.1
* WP SMS 6.9.1
* WPVulnerability 3.2.0
Also shown at: Report – Limit Login Attempts Reloaded 2.26.10 – PluginTests.com
]]>I have tryed now several time to upgrade to premium version, but both card as paypal are not working. \\
so it not possible at this time for my to make this working.
]]>All my ips are from cloudflare, there is a way to get the real Ips? do I need another plugin?
Im using godaddy hosting and cloudflare
]]>I’ve been using your plugin in conjunction with WPS Hide Your Login and recently I’ve been running into an issue where my first attempt to login to a site is met with the “ERROR: Incorrect username or password.” message however my second attempt to login is always successful.
I use an auto-hotkey tool to autofill the username and password so I’m 100% certain this not a case of mistakenly entering the username or password incorrectly during the first login attempt.
I’m hoping you can look into this and offer a fix or remedy as it does create some frustration during the login process for my clients.
Hello i , find that Limit Login Attempts was installed on our website and we cannot remove it , we deleted the folder from our ftp but still appears on the dashboard of our website
]]>Where can I see wich IP-adres has loged in?
]]>Hi,
I am using a review-plugin from cusrev.com and i get the error 403 because the plugin can not reach to the website. this might be because something is blocked while using the llar-plugin.
With this information I should be able to solve this problem:
I whitelisted the IP, but that does not work. Where could i unblock the REST-API or set the URL as discribed?
Thanks for your feedback!
Michael F
]]>Hello
I use GoDaddy hosting and I do have your plugin with them have some problem when I click here: https://prnt.sc/V6IRcX3aNUQg its Not let me do it show pop up window
Can’t turn auto-updates on. Please ask your hosting provider or developer for assistance.
I already delete install again and same problem
any suggestion, thank you
]]>I’m using elementor where I’ve created the login page and used the login widget. I’ve installed your plugin and it works fine but the lock messages and the count of remaining attempts don’t appear. Is there any way of doing this?
]]>Hello, a security analysis of a website we’re building has highlighted the presence of an outdated version of chart.js (Chart.bundle.min.js), since this bundle comes with [email protected].0 that has vulnerability issues we were wondering if it was possible to update the bundle in question in a future update,
thanks
]]>I want to use LLAR with ultimate member plugin in my website. The LLAR plugin displays how many attempts I have left on the default login page but it does not show it on the Ultimate Member login page. How can I do that?
]]>