johanee

You can control how long failed login attempts are remembered using the “xx hours until retries are reset” setting.

The default is 24 hours, and the time is reset at each failed attempt.

(If you have 1 failed attempts with 1 hour remaining until reset and fail again there will be 2 failed attempts with 24 hours remaining.)

Most sites can decrease this value (12 hours?) without major decrease in security provided.

You can remove a lockout-in-progres, but not whitelist IP’s. Adding such functionality… I’m not sure. I want to keep the basic security function as simple as possible. Not give an attacker anything to work with to get around the restrictions.

I’ll consider it.

Ok, sorry about that misunderstanding! ??

On the Limit Login Attempts plugin options page, does the IP in question get logged, and show up as blocked (turn on plugin IP log if necessary)?

If yes
Then there shouldn’t be any problem: the IP will fail to login regardless of username/passwords tried.

However. Reason for failure get filtered at a later stage. No information should leak to attacker, but the original WP error object (including original failure message) is passed along to any other plugin that uses the relevant hooks, wp_login_failed get triggered, and so on.

If no
Then please mail me at [email protected] and I’ll try to debug it further: please tell me about what plugins you have active — especially if they use the authentication hooks (authenticate, wp_authenticate, wp_authenticate_user, …) or replace those pluggable functions. Could you send along a link or copy of your event logging so I can make sure exactly what gets checked?

This is from your webserver/system log?

WordPress doesn’t log failed login attempts. This plugin does not use the webserver log. So these messages are probably from the webserver.

I’m guessing you are password-protecting part of your site (perhaps the admin directory) using .htaccess or similar. That would explain things: someone is trying to brute-force the .htaccess protection.

The .htaccess test is made by the webserver before any PHP code is executed. There is nothing any WP plugin can do about it.

Either that or you are using some other WP plugin that hooks into wp_login_failed. If so please send me a link so I can check it out!

Thank you. Your translation will be included when I make a new release of the version 2 branch.

I’ve recently started working on version 2 again, and I do hope to finish it. ?? Though I’ll probably not have a final release for at least a few weeks.

Good.

I’ll make sure we handle these kind of situations better in next version.

Thanks for testing!

Ok, I’m pretty sure that the problem is that your log option variable have somehow become damaged, which isn’t handled gracefully by the plugin.

I’m going through the plugin to better handle this kind of errors, and will release an update once it’s gotten some testing.

( If you feel comfortable making direct database changes, and have SQL access to the site, you can test it by running: DELETE FROM wp_options WHERE option_name = 'limit_login_logged'; )

If there have been any lockouts the log is show on the bottom of the plugin settings page.

I assume you get that error with version 1.4.1 of the plugin (as that is the only way the line number makes sense).

Do you use PHP 5?

That code is about adding an IP to the lockout log.

Do you get the error reliably? If so it should happen any time a new IP/attempted user combo is to be logged.

Does the log work for you? I assume from your first question that it might not.

I think I know what might be the problem. Would you be able to check a modified version of the plugin? If so, please mail me at <[email protected]>.

Thank you!

I have included your translation in the just released version 1.5.

“me too”

Version 0.8.5.2 did not work (test did not finish, ever), current development version seems to work perfectly. This is using Amazon S3 and WordPress 3.0.

Do you have any kind of timeline or goal for making a new release? Is there anything we can do to help you (code, testing, documentation)?

I’d like to use the CDN functionality on a customer site, but I am a bit hesitant to use development software.

This should be very easy to do. The plugin has a very modular interface vs. the storage.

I’ll add it to the todo list, but I do not have time to do anything about it for perhaps a few weeks.

From a quick look at the eAccelerator docs at https://bart.eaccelerator.net/doc/phpdoc/ it looks like it should be more or less a copy of the apc storage.

Ok, thank you.

Can you test if new development version solves it?
https://www.ads-software.com/extend/plugins/cache-translation-object/download/

What other plugins do you use? Any language related?

I’ve changed the error message slightly so it’ll show the locales in question and pushed to the development version (that is the only change there currently). Could you test and see what it says?

https://www.ads-software.com/extend/plugins/cache-translation-object/download/

Thank you.

The translation is included in the current release (1.3.2).

I’ve seen people use it — apparently successfully — but have not tested myself.

If anyone still have any trouble with the plugin please post or email me. There are no known problems apart from the above incompatability with Absolute Privacy.