gregjf908

I can’t tell you why the plugin behaves that way. Maybe something the developers can reply with more info. However, how would the Limit login attempts plugin know you are using 2FA? And if you are using 2FA, why do you continue using a plugin that stops excessive login attempts?

BTW…

My connection is that I got to know the developers very well. They have helped with various issues with my sites and the plugin from the beginning. As you kindly pointed out, I do occassionaly come in here and answer questions from users and provide input. Why does it matter to you if I am or not? I took the time to answer your question and your reply is not very pleasant.

Just because you added 2FA, doesn’t mean the brute force attacks stop. The bots have no idea you have 2FA so they will try. The only way to prevent them is to use a reverse proxy. Check out this article on the LLAR website.

https://www.limitloginattempts.com/why-am-i-still-seeing-login-attempts-even-after-the-ip-got-blocked/

Here is an article on fake attempts as well https://www.limitloginattempts.com/could-these-failed-login-attempts-be-fake/

The pro version absorbs the attacks in their cloud app instead of your local server, which can help with performance.

BTW- you can turn off the email notifications in the plugin settings.

I think this is a good idea for a daily digest.

Wordfence and several other freemium plugins do the same thing. Let’s be thankful that we receive great free software that works well.

While that text might be true, I admit it’s a little strong. Most sites have a low level of bot activity. It is when you go from 7 to 1,000 is when you might have resource issues. Maybe it should say, “This is a low level of activity” or something along those lines.

grant, I’ve run into this issue with some of my sites. There could be several things happening.

– Do you have other security plugins installed? If so, deactivate and try again.
– Do you have multiple websites with LLAR installed? Have you tried your other sites to see if everything works properly?
– Have you spoke to your web host about the problem? Sometimes these issues are server side.

Jaywalker, you are entitled to your own opinion, but 2M active users including GoDaddy adding it to all of their sites might say otherwise. I’ve had issues, but they were resolved by troubleshooting.

sorry it didn’t work for you, but it’s definitely not a scam. GoDaddy and other large hosting providers pre-install it.

Do you have other security plugins you use that might be conflicting? Also, is your IP address dynamic? I’m not saying you are wrong, but if the safelist didn’t work, I’d believe the 2M+ active users would be much more active here with complaints.

sorry to hear you are having issues. I tested one of my clients websites and didn’t have any trouble with the whitelist IP feature. Sometimes my sites I have trouble with limit logins, but usually it’s a conflict with another plugin. Might want to check that.

BTW- the forum does have support activity from the devs.

Leon, you should try posting this in the Support Threads in stead of giving a 1 star review. There could be some settings on your website causing some issues. Hopefully you are able to figure it out.

How do you know they are fake attempts? Have you cross referenced the IP addresses to confirm this? Limit Login attempts has been around for 5+ years so they would be exposed if they were engaging in this practice. Also, tell me a plugin that doesn’t try to sell you their upgraded version, it’s just how software works.

I don’t really know what is happening with your website, but if the plugin was sending fake attempts, it would surely be exposed in the 5+ years of its existence. Bots can find your website through many avenues including a shared host IP address. Have you checked the origin of the IP addresses of the login attempts or any research of that matter? Probably not.

I’m not sure that the dubug code has anything to do with why you are getting a lot of login attempts. Does the site that has a lot of login attempts get more traffic? It’s also possible the server the site is hosted on has more bot activity in general.

It’s not hard for hackers to find usernames. Here’s an article that explains in more details how they are able to find it. That’s why you just have to use strong passwords and make sure your site is protect by plugins like this.
https://www.wp-tweaks.com/hackers-can-find-your-wordpress-username/

In the upgraded version, you can block by country. Check out the premium plus package https://www.limitloginattempts.com/pricing/.

This plugin doesn’t block comments. You might want to check out Akismet for that.