Hi there,

I’m using the WPS Limit Login plugin and need a hand displaying error messages on my custom login form when a user’s IP is blocked due to too many failed login attempts. Right now my login form displays “Incorrect password” if IP is blocked

Can you point me in the right direction or let me know if there’s an existing method for showing these errors?

Thanks a lot!

P.S on default wp login form error message is not displaying. Only red error div abouve login form

Will this plugin work if someone navigates to a WordPress site using an IPv6 formatted address?

With the last update to v 1.5.9.1, I can no longer successfully login to any of the websites using the Plugin. It’s always giving the error “too many failed login attempts” and eventually blocking for 20 minutes (as defined in the settings of the Plugin).

Edit: I have removed (renamed) the Plugin on one site to test it and everything worked as expected and right away again.

• This topic was modified 5 months ago by Nico(las) Messer.

Bonjour,

Sur une installation multisite avec WPS Limit Login actif sur le réseau, lorsqu’on va sur la page des Extensions d’un des sites, le lien de Réglages est comme suit :

https://[nom de domaine du site]/wp-admin/options-general.php?page=wps-limit-login

ce qui mène vers une page d’erreur

le lien devrait être comme suit :

https://[nom de domaine du réseau]/wp-admin/network/settings.php?page=wps-limit-login

(ce lien est ok sur la page des Extensions du réseau)

Pouvez-vous corriger ?

Merci par avance

I am getting the following error with WPS Limit Login version 1.5.8.1 on WordPress 6.4.2 on PHP 7.3; happened after an auto-update of the plugin:

“An error of type E_PARSE was caused in line 58 of the file [path_redacted_for_privacy]/public_html/wp-content/plugins/wps-limit-login/classes/plugin.php. Error message: syntax error, unexpected 'bool' (T_STRING), expecting function (T_FUNCTION) or const (T_CONST)”

Rolling back to WPS Limit Login version 1.5.7 “solves” the issue, but it can be easily fixed by changing the “private bool” declarations on lines 58 to 60 in “classes/plugin.php” to be simply setting those declarations to be “private.” PHP 7.3 doesn’t support type declarations; that is a PHP >= 7.4 thing.

• This topic was modified 10 months ago by Giacomo1968.
• This topic was modified 10 months ago by Giacomo1968.

Parse error: syntax error, unexpected ‘bool’ (T_STRING), expecting function (T_FUNCTION) or const (T_CONST) in /my-server/my-super-site/wp-content/plugins/wps-limit-login/classes/plugin.php on line 58?Notice: La fonction is_embed a été appelée de fa?on?incorrecte. Les balises de requête conditionnelle ne fonctionnent pas avant le lancement de la requête. Avant cela, elles renvoient toujours le booléen?false

• This topic was modified 10 months, 1 week ago by romainprevot.

“Fatal error” on last version 1.5.8 !

Hello !

I like your plugin, it keeps things simple.

Updating my servers to PHP 8.2, I have now some deprecated notices :

Creation of dynamic property WPS\WPS_Limit_Login\Plugin::$network_mode is deprecated in /www/wp-content/plugins/wps-limit-login/classes/plugin.php on line 64

Creation of dynamic property WPS\WPS_Limit_Login\Plugin::$allow_local_options is deprecated in /www/wp-content/plugins/wps-limit-login/classes/plugin.php on line 70

Creation of dynamic property WPS\WPS_Limit_Login\Plugin::$use_local_options is deprecated in /www/wp-content/plugins/wps-limit-login/classes/plugin.php on line 71

Hi,

euer Plugin ist sehr wertvoll, absolut wichtig! Damit bekommt man auch die wichtigen Infos, welche Login-Idioten versuchen, als Admin in die Website zu kommen. Ich habe dazu auch ein Projekt gestartet! Es wird dazu auch zu euren beiden Plugins, WPS Limit Login und auch das wertvolle WPS Hide Login einen extra Artikel auf meiner Website geben.

Eine bitte an euch bzgl. ?nderungen, macht bitte die Eingabefelder für die Zeiten (Sekunden oder Stunden) etwas breiter, am besten 5-stellig!

Bei Websites meiner Freunde und auch bei meinen Websites ist mit Hilfe der Blacklist endlich Ruhe. ?? Habe da eine sehr coole Liste für die Blacklist erstellt, sperrt ALLE bisher bekannten (teilweise unseri?sen) Netzwerke komplett.

Wenn der Artilkel auf meiner Homepage:

https://www.login-idioten.de

steht, schicke ich euch eine Email.

Danke für eure wertvolle und wichtige Arbeit!

Grü?e

SoMa

P.S. hier mal ein Beispiel einer tabelle, konnte mit Hilfe von WPS Limit Login von mir erstellt werden, so viele Login-Idioten:

79.194.212.80 November 05, 2023 00:05 AS3320 - Deutsche Telekom AG Düsseldorf, BRD 79.192.0.0/10
136.158.0.53 November 05, 2023 00:09 AS17639 - Converge ICT Solutions Inc. Quezon City, Philippines 136.158.0.0/22
157.40.78.153 November 05, 2023 01:19 AS55836 - Reliance Jio Infocomm Limited Kolkata, Indien 157.40.64.0/19
130.105.207.165 November 05, 2023 01:24 AS23944 - SKYBroadband SKYCable Corporation Quezon City, Philippines 130.105.204.0/22
158.62.53.112 November 05, 2023 01:33 AS132199 - Globe Telecom Inc. Cebu City, Philippines 158.62.48.0/21
49.149.100.171 November 05, 2023 01:37 AS9299 - Philippine Long Distance Telephone Company Zamboanga, Philippines 49.149.96.0/20
103.179.8.211 November 05, 2023 01:49 AS134375 - Fusionnet Web Services Private Limited Faridabad, Indien 103.179.8.0/24
103.108.33.106 November 05, 2023 01:52 AS45727 - Hutchison CP Telecommunications, PT Bengkulu, Asien 103.108.33.0/24
157.41.226.109 November 05, 2023 02:16 AS55836 - Reliance Jio Infocomm Limited Bhubaneswar, Indien 157.41.226.0/24
103.158.146.109 November 05, 2023 02:30 AS141254 - Netfox Networks Private Limited Shāhāpur, Indien 103.158.146.0/24
175.157.46.182 November 05, 2023 02:37 AS18001 - Dialog Axiata PLC. Colombo, Asien 175.157.44.0/22
119.13.156.158 November 05, 2023 02:43 AS38623 - ISP/IXP IN CAMBODIA Phnom Penh, Cambodia 119.13.156.0/24
109.70.100.6 November 05, 2023 02:45 AS208323 - Foundation for Applied Privacy – Tor-Exit Wien, ?sterreich 109.70.100.0/24
202.4.127.252 November 05, 2023 03:20 AS23956 - AmberIT Limited Dhaka, Asien 202.4.127.0/24
157.46.157.85 November 05, 2023 03:49 AS55836 - Reliance Jio Infocomm Limited Kanayannur, Indien 157.46.128.0/19
117.219.133.46 November 05, 2023 03:50 AS9829 - National Internet Backbone Kozhikode, Indien 117.219.128.0/20
202.166.5.57 November 05, 2023 04:20 AS9506 - Singtel Fibre Broadband Singapore 202.166.0.0/17
117.247.82.153 November 05, 2023 04:21 AS9829 - National Internet Backbone Nagpur, Indien 117.247.80.0/20
103.172.48.69 November 05, 2023 04:30 AS146936 - SARASWATI INTERNET SOLUTION Tharād, Indien 103.172.48.0/24
123.201.215.236 November 05, 2023 04:44 AS18207 - YOU Broadband & Cable India Ltd. Pimpri, Indien 123.201.215.0/24
106.201.94.180 November 05, 2023 04:52 AS24560 - Bharti Airtel Ltd., Telemedia Services Hyderābād, Indien 106.201.80.0/20
103.141.89.21 November 05, 2023 05:12 AS132999 - Richa Telecom Lucknow, Indien 103.141.89.0/24
197.241.65.4 November 05, 2023 05:18 AS30990 - DJIBOUTI TELECOM S.A. Djibouti, Afrika 197.241.65.0/24
85.132.108.234 November 05, 2023 05:37 AS200446 - SELNET LLC Baku, Azerbaijan 85.132.108.0/24
154.80.107.56 November 05, 2023 05:50 AS45669 - PMCL /LDI IP TRANSIT Islamabad, Pakistan 154.80.107.0/24
37.237.110.5 November 05, 2023 05:53 AS203214 - Hulum Almustakbal Company Baghdad, Irak 37.237.110.0/24
103.234.162.216 November 05, 2023 06:03 AS133260 - Gujarat Informatics Limited Ahmedabad, Indien 103.234.162.0/24
106.195.51.39 November 05, 2023 06:35 AS45609 - Bharti Airtel Ltd. AS for GPRS Service Delhi, Indien 106.195.48.0/20

Dear Sir / Madam

I have removed all comment php, all links in the admin, and have hidden the Lost Password and Login links from the login pages, and still I get 40 attempts a day being made to login to my site, even after I changed the login slug three times.

Please can you help ?

Thank you

You need to update to fix this. Both services are telling me to uninstall the plugin.

• Plugin Name: WPS Limit Login
• Current Plugin Version: 1.5.6
• Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “WPS Limit Login” until a patched version is available. Get more information.(opens in new tab)
• Repository URL: https://www.ads-software.com/plugins/wps-limit-login(opens in new tab)
• Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/298b31e4-739e-424e-918f-77092148a6bb?source=plugin(opens in new tab)
• Vulnerability Severity: 3.7/10.0 (Low)

Hi there,

I am using your plugin on several sites. Unfortunately now I get Messages that a vulnerability has discovered.

“WPS Limit Login v1.5.6
Low Race Condition vulnerability discovered by konagash (Patchstack Alliance) in WordPress Plugin WPS Limit Login (versions <= 1.5.6)”

Will that me solved within the next patch? Yes? When will the next update be launched?

Thank you very much in advance!

Kind regards,

Thomas

I noticed that pretty much all of the functionality exposed in the WP Admin is behind the “manage_options” capability, which makes sense since the WordPress Admin/Super Admin roles have that, but this causes us some difficulty because it is quite common for us to need to unlock a user/IP after they have locked themselves out.

Due to the fact that this is a regular occurrence (we have and older clientele who often get confused about their passwords), we want our customer service employees who answer the phone calls and emails to be able to do these unlocks on the Logs page. However, the only way your plugin allows this is if we our customer service employees were granted Administrator role, which seems like overkill. They are currently in the role of Shop Manager (from Woocomerce) and we aren’t interested in giving them the ability to reconfigure the entire site with admin priviledges. Plus since we run Woocommerce we have PCI-DSS rules and we really try to limit users to what they need.

With all that said I wonder if you would consider updating this plugin so that it uses a new, custom capability to allow access to the “logs” page and allow users to unlock a user/IP? The codex discusses these custom capabilities here. From my perspective this capability should be given to Admin/Super Admin, and also to the Woocommerce role of Shop Manager. also users that use a permission-editing plugin like User Role Editor could control who has access to the Logs page.

And for clarity, it is really just the Logs page that I think should have it’s own permission/capability. The other pages/tabs in the admin ui make sense to be associated with the manage_options capability IMO.

Thank you for this great plugin.

I use larger numbers for minute or hours. Will you please make time input fields wider, because I can’t see entered values and editing larger values is not so easy.

Thanks.

Is it possible, to create a button to copy logged ip to blacklist? …maybe automaticly?

can`t get access to my wp page.
(I get a page showing a computer screen with shifty eyes and the text “YOU HAVE BEEN LOCKED OUT error”)
can i disable the plugin or delete the plugin per FTP or change anything in a config file?
appreciate any help.

someone used my username and wrong password several times.
now my wp account ist blocked. shows me a screen with computergraphic and text that the account is blocked because of too many attempts.
how can i delete the plugin per ftp? or anything else?
thanks for any advice

(at the moment i try to copy a backup from some days ago per ftp.)

Please note that the Whitelist – Add my IP has a missing English translation.

Thanks!

Hi, when one user tries to login with the wrong password all users/IPs get lockout or attempts limit. Could that be configured so the limit is set individually for each user or IP?

Hi,

Your code doesn’t set IP address when behind a Reverse Proxy

To get this done :

diff wp-content/plugins/wps-limit-login/classes/plugin.php wp-content/plugins/wps-limit-login/classes/plugin.php_modif
1017a1018
>               /*
1019a1021,1024
>               }
>                */
>               if ( isset( $_SERVER[$this->get_option( 'wps_limit_login_client_type' )] ) ) {
>                       return $_SERVER[$this->get_option( 'wps_limit_login_client_type' )];

Thanks to put this in your code,

Regards,

Bonjour,

je ne comprends pas la logique de l’historique du journal de blocage de WPS Limit Login (Version 1.5.4).
J’ai été notifié d’un blocage d’une adresse IP suite au dépassement du nombre de tentatives de connexions erronées.
Or, le journal présente celle-ci avec l’indication “Débloqué” en vert à droite du tableau.
La zone est statique (pas de clic souris possible).
Je m’attendrais plut?t à la voir en rouge avec le texte “bloqué” et la possibilité de la débloquer par un clic si elle m’est connue.

Merci d’avance pour les explications (je suis sous W10 pro).
Phil

Thanks for great couple of WPS plugins.

But they do not work together.

Logout returns user back on dashboard, still logged in.
When WPS Hide login is deactivated, logout works OK.

Tested on WP 5.9, two sites NGinx/Apache

Thank You

on our wordpress site your plugin had been working wonderfully for years.
but with lastest wp update. the backend of the site became unavailable. ipage tech support found your plugin to be the cause and deactivated it… things went back to normal after that.

Just wanted to let you know.

Thanks for all you guys do.

Derek Packard

Helle everyone
we use a WordPress multisite installation. Since we have balcklisted some IP addresses we are locked out.
Unfortunately we can’t find a matching entry in the database called “wps_limit_login”. There is nothing stored in “wp_options”.
Where can we find database entries of the plugin?
Thank you for your help, it’s really urgent.

Do I need this if I have Jetpack installed? Any duplication of functionality?

Cheers.

All,

Before I used only WPS limit login, perfectly.
Since I activated 2FA I notice that even starting the login page results in a false login, for which my counter for false logins is activated, after which I experience 20 miutes or even 24 hours ban from my website.

How to solve this?
Nico Keijser

Dear,

since installing this plugin I have more login attempts than I ever have normally. Why is this happening?

why create a menu showing the WPS user limit in user menu?

How do I enable XMLRPC gateway protection? I see that it is a feature, but I don’t see it in the UI.

WP LIMIT LOGIN v 1.5.0 works great.
Upgrading to v 1.5.1 causes a critical error.
Error type E_ERROR.
Caused in line 98 cannot redeclare “dnh_is_dismissed” as it’s previously declared in line 75.

Is there a FIX?