I have a client site where I can login to the main site fine. But any attempt to switch to a sub site, or login directly, or even to switch to the network admin bombs out with an error noting to wait for 6 hours.
If you’re using Wordfence you definitely don’t need Limit Login Attempts, WF will take care of limiting logins by IP. As to whether the plugin is flaky it’s hard to say. Installatron has it included by default on all of our installs across all servers and this is only the second time we’ve heard of any issue at all, but of course many don’t run Multisite (though enough where I still think we’d here more about it). It’s certainly been a long time without updates to the plugin so it’s quite possible more recent versions aren’t handling things well. I’d personally like to see Installatron find a better supported plugin for that kind of thing but as a low maintenance way of providing some basic protection on WP installs it seems to still be working for most people.
It does, I can’t remember what field but the IPs are stored in the database somewhere in wp_options (there’s a GUI option to clear out blocked IPs as well as whitelisting, but that only helps if you can get logged in).
Alan, I’m not sure if I’m the “one other” that Tim refers to, but I’ve had similar troublesome behavior with LLA on my multisites. I finally deactivated it. In the .org repository there’s a forked, updated version of Limit Login Attempts. I think it’s called Limit Login Attempts Reloaded. Up to date, tested up to 4.8 and currently maintained.