Hey there guys, I’ve had the issue that a lot of bots are trying to create accounts,
would it be possible to enable captcha for registration as well and not just for failed logins?
Thank you.

Site Health :

\”An active PHP session was detected
A PHP session was session_start()created by a function call. This affects REST API and loopback requests. The session should session_write_close()be closed by before any HTTP requests are made.\”

The cause is the captcha.php file in line 4 session_start();

Hello!
I’m a developer and user of this great plugin!
I think it is a great plugin and really useful, a pity it is not developed anymore!
I would like to adopt the plugin and keep development going, would you like to transfer ownership to me?
Thank you!

Warning, this plugin is effected by:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4303

Hi,
Is the situation still the same with WPML compatibility, as in this post? https://www.ads-software.com/support/topic/is-your-plugin-compatible-with-wpml-3/

The plugin outputs div, p, img, form etc. tags directly in head tag in WordPress login page, this causes invalid html.

function wp_limit_login_head(){
    ...
?>
    <script>var popup_flag = "<?php  echo $_SESSION["popup_flag"] ?>";</script>
    <div class='popup' style="display: none;">
      <div class='popup_box'>
          <p class='x' id='x'> &times </p>
          <p>Please enter captcha text</p>
          <img class="captcha" src="<?php echo  plugin_dir_url( __FILE__ ).'/captcha.php';?>" />
          <form class="captcha_form" action="" method="GET">
              <input type="text" placeholder="Enter here.." name="captcha">
              <input class="submit" type="submit" value="Submit">
          </form>
      </div>
    </div>
<?php 
}

add_action('login_head', 'wp_limit_login_head');

Suggested fix: Output html in login_header (note the er at the end) or login_footer action.

Plugin version 2.6.4.

Is the Pro WP Limit Login Attempts plugin no longer available? We are moving to a new site and the current Pro WP Limit Login Attempts caused an error. I couldn’t find a new one to do the install.

Hi if user can reset their password to unblock the account? thanks!

As far as I can see, the blacklist works in a way that just hides that an inexistant username hase been tried for login. There seems to be no logging for that.

Wouldn’t it make sense to treat this the same way as a regular failed login attempt resulting in blocking the IP it originated from for the configured period? Either period would seem to be prferential to not doing so.

If that doesn’t make sense – why?

Of course, since no one ever responds here, I guess that’s a silly question, lol.

I installed Limit Login Attempts and it seems to be doing it’s job. But I have no idea how to operate the software, or to interpret the information it provides. Is there a guide somewhere?

Specifically, I can see that one IP address keeps trying to break in. Can I simply block that IP address? And if so, how?

On installation the captcha does not function. It simply regenerates after adding the captcha and login is not possible. We are running WordPress Version 5.4.2, please advise

Hi Support,

When customers want to login in their account they see a message:
WRONG INFORMATION

What is this? We turned the plugin off, and now its working.

I notieced in my server’s PHPMyAdmin that there is a very large file (3mb) “wp_login_fails”. Is this connected to your plugin?

Is it okay to delete this? Or, can it be optimized?

Thanks for any feedback!

Hello,
When I activated your plugin I get following errors in site health:

The REST API request failed due to an error.
Error: [] cURL error 28: Operation timed out after 10001 milliseconds with 0 out of -1 bytes received

The loopback request to your site failed, this means features relying on them are not currently working as expected.
Error: [] cURL error 28: Operation timed out after 10001 milliseconds with 0 out of -1 bytes received

Please fix these errors.
Thanks

Hello,
There is a problem with the security code in the RTL version.
Please see the following image:
https://gofile.io/?c=JfKHvk
The captcha is not aligned center.

And How can I translate this plugin?

Not able to log in successfully – but before I hit the failure limit – I click the “forgot password” link. But on the next page where WP prompts for email address to send a password change to, instead this plugin blocks that and simply repeats the login-failed message after I type my email address and click Send.

Please fix this.

I installed the plugin to test it and when I go to https://localhost/wp-admin/ I have a white page with nothing. How can I desactivate the plugin ?

Thank you for the help.

Co-worker attempted to login, failed to login several times. The plugin blocked the load balancer internal IP which blocking all users from being able to login.

In case this is helpful to the developer or others:

I encountered an issue where the pop-up window with the CAPTCHA either had a broken image or the background image (white-wave.png) appeared but with no CAPTCHA code. This message was in my PHP error log: PHP Warning: imagettftext(): Could not find/open font in captcha.php on line 40

I was able to fix this by changing line 35 in captcha.php so that it is “$font = __DIR__ . ‘/images/coolvetica.ttf’;”

OTHER DETAILS:
-Running WordPress 5.0.2
-WP-Limit-Login version 2.6.3
-GD library enabled
-PHP 7.2.7
-IIS 8

OTHER NOTES
I did not encounter this problem on my local development server. It is on a Mac running Apache with PHP 7.3, same WordPress version and same plugin version installed. I initially thought it might have been a permissions issue on IIS, but if that was the case then changing the code wouldn’t have solved it.

Add localization/translation, please.

hola es gratis? es compatible con buddypress?

Hello,

do you know if your plugin is complying to the GDPR, which comes into effect in Europe on May 25, 2018?

Thanks,
Gerdski

The lite version of this plug in does exactly what I need, adds another level of security to my websites without bloat.
I am not interested in any other feature, change lock out time, using captcha etc… So I am not interested in upgrading so cannot comment on the premium version
So for functionally for my usage I would give it a 5 star rating.

However:
Whilst I can understand a gentle request to review plug ins I have been using, I strongly object to being asked to give 5 star reviews.

If a plug in is worth 5 stars to me I will say so in my review, if there is an issue I will ask for support before giving a review as any glitches could be down to my usage or conflicts with other plug ins, it’s only fair to give the developer a chance to resolve negative issues before giving a negative review.

The annoying message which appears on every admin page of every website I use this plug in on is now so irritating I am seriously thinking of uninstalling it, can you please upgrade to remove this.
It is not fair to use your plug in to solicit review requests in this way.

Thyank You

Hello, I am receiving messages from customers who want to register. When they enter username and password on first attemp they get this “Login Failed Sorry..! Wrong information..!”

How can I fix that?
Are they already blocked?
Where can I see blocked ips?

Thank you guys!

Hi,

When the plugin is activated, the editor to edit theme files does not work. Is there a work around?

//Joel

I see the following cookie getting set now for my WP pages when I did not see this before:

Set-Cookie: PHPSESSID=rxnhnw9e6jt4h5c8c4or1dkl01; path=/

I know this is what PHP uses sessions but my theme does not set any cookies, just wanting to know if it is set by WP Limit Login Attempts. And if it is, why is at the root level, shouldn’t it be limited to certain paths like /wp-admin?

Is your plugin compatible with WPML? or main, haven’t problem your plugin when we will be on website installed wpml?
* WP Limit Login Attempts
Thanks for your answer.

Hello

In the log my own username is displayed, although this is already very individual. So not “admin” or something similar.

How can that be or why is that?
IP comes from Ukraine.

Best regards
Axel

Hi Folks,

i unfortunately blocked my IP due to 5 wrong logins. For how long will this IP be blocked? I allreade deleted the entry in the wp_limit Table via MySQL but it still says that the ip is blocked.

Kind regards in Advance
Charlie

• This topic was modified 7 years ago by charlieharper.