Has anyone had issues with the Limit Login Attempts plugin for WordPress? Installatron at Reclaim installs it automatically and it worked fine until recently. Now I’m getting lots of problems with students having difficulty or getting locked out when trying to access their newly created (created for them) blogs. I can’t pin it down to LLA, but if I deactivate Limit Login Attempts, the complaints and issues seem to disappear. I have noticed LLA seems to be counting it as an attempt when just accessing the login page, not when hitting the login button on the login page.
I also noticed that the plugin seems pretty long in the tooth - last updated 5 yrs ago. Wonder if I’m getting a conflict with WP v. 4.7 ?
Anyone else have experience?
We had this issue on one other server where the server was acting as a proxy and all visits to the login page were logged as the same IP causing much mayhem. Not related to LLA but that’s what made us notice it because so many people were getting locked out. Let me see if that might be the case here. The plugin is rather old but also very basic in functionality and we haven’t seen the issues you’re describing on any other servers and we keep it on with all of them.
There appears to be a new plugin in the wp repository called “Limit Login Attempts Reloaded” that purports to do same functionality and update/replace the older one. It didn’t appear clear to me what they did that’s different though. Of course I don’t have visa from Programmistan so reading the plugin code doesn’t tell me much.
semi-related issue: Any recommendations for a relatively lightweight plugin to whitelist or blacklist countries (by IP) to block logins? I really don’t want the overhead of WP Fence or some other the security plugins, but I would definitely like to block some countries.
I checked on the old ticket and the solution wouldn’t apply here. The other server was running separate security software that caused it to be seen as a reverse proxy and we ended up disabling that software however you’re not running it on your server. Are these students running into the issue in a lab setting or do they all have distinct IPs? That can definitely be an issue with shared IP usage since all these plugins see 1 IP as 1 user. In general might not hurt to have it disabled globally which can be done from Installatron > Features > Uncheck Limit Login Attempts as an option for new installs.
Thanks for the explanation. I’ll likely uncheck and maybe try the new LLA Reloaded on some sites.
It’s been a mix of logins. Some were in labs, many on student machines but on school net, others students at home. I noticed for example, that if it was set to 4 attempts, the first time I called the login page in a browser it showed a red warning of “3 attempts remaining”. WIthout logging in on that browser tab, I opened the same login page in a different browser (same machine) and it showed “2 attempts remaining”. Odd.
LLA dislikes the Press This bookmarklet so it might dislike a few other tools as well