Limit Login Attempts

A WordPress plugin

Loginscreen during lockout

Loginscreen during lockout

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

Description

Limit the number of login attempts possible both through normal login as well as using auth cookies.

By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.

Features

  • Limit the number of retry attempts when logging in (for each IP). Fully customizable
  • Limit the number of attempts to log in using auth cookies in same way
  • Informs user about remaining retries or lock out time on login page
  • Optional logging, optional email notification
  • Handles server behind reverse proxy

Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish

Plugin uses standard actions and filters only.

Download

You can always find the latest version to download here.

Installation

  1. Download and extract plugin files to a folder in your wp-content/plugin directory.
  2. Activate the plugin through the WordPress admin interface.
  3. Customize the settings from the options page, if desired. If your server is located behind a reverse proxy make sure to change this setting.

Requires at least WordPress 2.8, tested up to WordPress 3.1-RC4.

Screenshots

  1. Loginscreen after failed login with retries remaining
  2. Loginscreen during lockout
  3. Administration interface in WordPress 2.7

FAQ

  • Why not reset failed attempts on a successful login?
    This is very much by design. Otherwise you could brute force the “admin” password by logging in as your own user every 4th attempt.
  • What is this option about site connection and reverse proxy?
    A reverse proxy is a server in between the site and the Internet (perhaps handling caching or load-balancing). This makes getting the correct client IP to block slightly more complicated.The option default to NOT being behind a proxy — which should be by far the common case.
  • How do I know if my site is behind a reverse proxy?
    You probably are not or you would know. We show a pretty good guess on the option page. Set the option using this unless you are sure you know better.
  • What do I do if I get a notice about it being unable to replace wp_get_current_user()?
    Limit Login Attempts no longer replaces any pluggable functions.
  • Why write a new plugin instead of using Login Lockdown?
    When looking at it I was not satisfied with how Login Lockdown solved the technical issues.Then I also found a number of ways to improve things: handle auth cookies login, show users how many login attempts remained and for how long they are locked out. Have the option to notify the admin about lockdowns.

314 Responses to “Limit Login Attempts”

  1. diorTinofiz says:

    Hi People
    How are you doing?

  2. Fat Cow says:

    Hi author, I want translate your plugin to russian language. Please tell me Your email, simply reply me. Thanks, Fat Cow

  3. jim says:

    Sounds like the plugin I've been looking for! Will it work with WordPress MU? Any idea how it might work with users logging in via Simple:Press Forums?

    Our server blocks IPs after 5 failed attempts, but people still lock themselves out. I like the warning messages your plugin implements.

    Thanks!

  4. Thank you.

    I know people have used it with MU -- apparently successfully -- but I have not tested myself.

    I took a brief look at Simple:Press and it appears at first glance to use the normal WP login functions which should make the core functionality work though the warnings will probably not show up in what looked like various inline login forms.

    Please report any success or failure!

  5. Keith Davis says:

    @Johan
    Plugin looks great... I've installed it on a development site I have set up on a local server using XAMPP. If all goes well, I will use on live site.

    Good feature is that it doesn't tell you if the username or password is incorrect, so it doesn't give the hackers any clues.

    When I test it on my local site, and eventually lock myself out, does deactivating and reactivating the plugin return the failed attempts to zero? Or do I have to remove and reinstall the plugin?

    Thanks for sharing.

  6. It can be noted though that there are numerous more subtle ways to find valid user login names in stock wordpress -- the big target for plugin version 2 (unfortunately delayed and still in beta).

    Re. lockouts:

    The plugin admin page allows you to reset current lockouts. Unfortunately, you have to be able to login to get there... :)

    Currently I never clear active lockouts in any other case (even reinstall) -- I'll put it on the todo list, it is a good idea.

    If you have access to the database and are comfortable with SQL (HACK WARNING) you can remove them directly (`UPDATE wp_options SET option_value = '' WHERE option_name = 'limit_login_lockouts'`).

    I would recommend using a short lockout time while evaluating the plugin. Deactivating the plugin will obviously let you login.

  7. Keith Davis says:

    @Johan

    Sent details of your plugin to Shinephp and the guy over there did a review... see link below:
    http://www.shinephp.com/limit-login-attempts-1-4-1-wordpress-plugin-r...

    He recommended your plugin over Login lockdown

    I will install on my live site.

  8. jim says:

    Please report any success or failure!

    Just thought I'd provide some MU / Simple:Press feedback... using our dev. environment, v2.0b3 seemed to work perfectly on our main blog running WPMU 2.8.5.2. It also seems to play nice with Simple:Press since any login errors are shown on the WP login screen, not inline on the Forums page.

    I may or may not install this on our production site quite yet though, for the following reason. Limit-Login must be placed in the Plugins folder to work, and then it only works for the blog on which it is activated. We do not want to give all users this level of control. Using WMPU Plugin Manager, I limited activation to the main blog only, and this solves half the problem – sub blogs no longer have access to the plugin, but then it no longer limits/logs login attempts on those blogs either.

    Since our primary concern is users locking themselves out after 5 failed logins (via our firewall settings) when signing in on the Forums page, this plugin may very well meet our needs, since only a few users may be logging in directly via their own blog.

    I like the ample warning it provides, and how it logs IP addresses. A nice feature would be the ability to remove ban from specific IPs, instead of all at once.

    Thanks again, kep up the good work!

  9. Thanks for the feedback.

    I've been looking at MU recently and hope to add real support for it once I get 2.0 out the doors.

  10. Jason Wong says:

    Amazing plugin.

    However, I wish that it can work well with Login with Ajax plugin/widget, as I noticed that the error message produced by the Limit Login Attempts plugin isn't immediately displayed on the Login with Ajax widget. It appears that's a loop delay ... Strange??

    Please keep me posted if there's a possible solution to this 'hiccup' ...

    Cheers ... Jason

  11. ds281 says:

    Would love better support for MU if possible! Loving what this plugin provides so far on the main blog! Thanks for your work.

  12. Daniel Kamp says:

    Very cool Plugin ! Thanks!

  13. realesegame says:

    How in work rhis plugin in wordpress 2.9.1?

  14. Erik says:

    Hey,
    I use wordpress mu(2.9.1.1) and I just spent some time reworking the plugin(1.4.1) to be more MU friendly. I will mention that this plugin works FANTASTICLY with wordpress mu 2.9.1.1.... Other Mu users may find this usefull... A couple things...

    first, I set the variables at the top of the plugins .php file i wanted to be global. The file is very well noted by the author, OMG thank you! Very easy to control what variables the plugin activates with thanks to great coding and thoughtful notation.

    Then I changed the function that mails lockout notification to the administrator, so that it will email the super site admin(me) rather than that particular sub blogs admin.. what i did was modify the get_option in line394 to say:
    @wp_mail(get_site_option('admin_email'), $subject, $message);

    Then, i changed the code where it constructs the plugins dashboard submenu. I changed it so that it would show under the site admin menu instead of settings. that way only the super site admin can see it and not the sub blog administrators. I changed Line 607 to:
    add_submenu_page('wpmu-admin.php', 'Limit Login Attempts', 'Limit Login Attempts', 10, 'limit-login-attempts', 'limit_login_option_page');

    Then I used the plugin manager to auto-activate the plugin for all users sitewide.. that way any newly generated blogs will automatically activate the plugin with the settings I want, and having moved the menu, users cant modify them.

    It is important to note, that if the plugins menu is accessable to your users, they can deactivate the plugin. Rather than attempt to solve this, i will just hope that my users are not that stupid.

    hope this helps...

    oh, the settings I changed to my likeing were;
    login attempts moved to 5,
    lockout time decreased to 15 min.
    lockout log settings changed to 'log, email'
    and notify email after 1 lockout

  15. BjornW says:

    Johan,

    I've made a Dutch translation for your nice plugin. I've made it already available through my own website, but I hope you will add it to the plugin so no extra steps are needed any more to use your plugin in Dutch.

    The translation zip file can be downloaded here: http://www.burobjorn.nl/blog/wp-content/uploads/2010/03/limit-login-a...

    Thanks for providing your plugin to the community!

    All the best,
    Bjornw

  16. Hi.

    I'm looking for an addon like this but with a captcha function instead of block the login form. Can you add this feature? Or if you want I can tell you my idea, modify the code and send the patch.

    Big regards

  17. Richard Wing says:

    Hello,

    Will you be adding support for preventing multiple people logging into an account even if they know the correct passwords? I want to lockout people that share their account details too. Something similar to this http://www.newmedias.co.uk/your-minder/ I love yours and need it but also need the capabilities of what the other developer offers.

    Is that something you would consider adding into your functionality? Or do you suggest that I get both?

    Thanks,
    Richard Wing

  18. oVa says:

    Hello

    I just finished the French translation of your plugin: limit-login-attempts
    You'll find it here: http://doku.host56.com/wplugins/limit-login-attempts-fr_FR.zip

    Can be integrated into a future version?

    Thank you in advance!

    oVa

  19. Gervásio says:

    Hi Johan

    I've made a Brazilian Portuguese translation for this plugin, based on version 2.0beta3. I've made it available through Mediafire: http://www.mediafire.com/?kjyrfx96b0xfo49

    I hope you include it in 2.0final. Also, feel free to contact me via e-mail, for future updates.

    Regards.

    Gervásio.

  20. weston says:

    request: in the Lockout log, date and time would be great!

    I would also love a dashboard stats window.

  21. Weston,

    Thanks for the suggestion. I'll probably add that.

  22. Gonzague says:

    awesome plugin thanks a lot ! It helped me detect people trying to break in quite a few times

  23. AriK says:

    Hi, Johan.

    While testing a translation service site, I made Finnish translation for this plugin. It can be found from:

    http://crowdin.net/project/wp-limit-login-attempts-plugin

    Feel free to download it, include it in build, etc.

    Feedback on translation accuracy also appreciated (if there're any Finns online).

    -Ari

  24. Ari,

    Thank you. I'll queue it up for next release.

  25. beatus says:

    Not working under WP 3.01

  26. Huji says:

    Limit Login Attempts is a great plugin, but I'm afraid there is a tiny regression in it (as of 1.5.1):

    When you fail to login, the login counter for your IP address is increased by one. If you successfully login on the next attamep (and here is the bug:) the attempts counter should be restored to zero, but it remains unchanged.

    Although I believe "reseting to zero" is a mandatory feature, if you think it may not be desirable by all users, you can make it an option config.

    Keep up the good work!

  27. Beatus,

    Could you describe the problem in more detail? Perhaps mail me the details as johan.eenfeldt@kostdoktorn.se? What is not working, what happens instead, version of plugin, etc.

    Huji,

    That is very much by design, and have been that way since day 0.

    Otherwise it would be possible to attack admin using 1 less than allowed retries. Then reset retries by loggin in to a normal account.

  28. Nicole says:

    Hi Johan,
    It seems something strange is going on with ths plugin on my site.
    I go to my blog, go to the login page, and when I get there, it already says "too many failed login attempts" and locks me out for 19 minutes. Even if I haven't been to my blog for a week or so. What does this mean?
    Thanks in advance,
    Nicole

  29. Nicole,

    Thank you for the report.

    I wont be able to investigate in detail until this evening (local time) but it sounds like there is a bug in how the plugin handles failed cookie login. If old cookies don't get cleared as they should it result in a failed login each pageload -- on the login page or not.

    I made what I thought was a my small simplification in that code for the latest release, so it is possible I made an error.

    Try to disable cookie login handling in the plugin options.

    I'll check it in a few hours.

  30. Hmm, having looked at it and tested the code I cannot find any problems. It still sounds like something regarding auth cookie handling, but I cannot see how it could happen.

    Do you use any plugins that affect login and/or cookie behaviour?

  31. Constanta says:

    Great plugin and I'll queue it up for next release.
    Good job alls!
    Thank you!

  32. Tim Gary says:

    Thanks for the great plug in. I'm recommending it for all my clients.

    I too have seen the too many failed login attempts message, and indeed disabling the cookie login handling takes care of it.

    On this particular site, there is a simple:press forum, as well as a content protection script (DAP), and I'm just wondering if those could be part of the cause. I know that the forum "remembers" me pretty much indefinitely, but I'm prompted to login to the content-protected area.

    Additionally, the "Secret keys" and "Salt" in wp-config was updated from the defaults a few days prior to noticing the problem. No idea if that could be part of the cause. Seems like after happening maybe once, it should be good to go.

    Anyway, disabling the cookie handling solves it, but wanted to provide a little more info in case it triggers any thoughts on what might be happening!

    Thanks again,
    Tim

  33. IIWYM says:

    This is a great plugin.

    Are there plans to add the ability to set safe IP addresses? I have a couple of WP sites, and it seems that when I login to one and then try to log in to the other, I get locked out. I get in by deleting the file but I wish I could set my IP as a safe location.

  34. Christoph says:

    Hi, I experienced something that looks similar to what Huji wrote above:
    After a failed login attempt and a subsequent successful login, I log out and there is still that warning message "x attempts remaining". I think this can be quite confusing. Even if it makes sense to keep on counting for a certain time after a successful login, it would be good not to display that warning directly after logging out. I would display it again only after another failed login has occurred. The warning is useful as information only when a login has failed right before.
    Also, I would appreciate an option in the settings to reset counting to zero after *every* successful login. This still gives a good deal of protection because logging in every xth time with a known password in order to guess the admin password would take quite a while and some admins might be willing to take that risk.
    thanks

  35. Kakel sickan says:

    Also want to recommend another plugin thats calld "badbehavior", it blocks alot of bots and other things that spider around on the web.

  36. Hello, my hosting company has isolated a problem that keeps bringing down our website. I'm contacting the developers of all the plugins i'm using to see if it could be their plugin that's the cause of this problem. Listed below:

    Hello Chris,

    The problem you are having is due to some processes running on
    74.43.13.1 and 12.166.36.250 that are trying to connect to closed ports
    resulting in one-hour blocks of the IPs by the hosting server's
    firewall. For example, we are seeing a large number of attempts to
    access port 389 which is the LDAP port even though we don't offer LDAP
    services. Similar hits are seen coming from both 74.43.13.1 and
    12.166.36.250.

    Nov 17 13:27:41 *TCP_IN Blocked* SRC=74.43.13.1 DST=209.236.73.59
    PROTO=TCP SPT=14368 DPT=389
    Nov 17 13:27:43 *TCP_IN Blocked* SRC=74.43.13.1 DST=209.236.73.59
    PROTO=TCP SPT=14346 DPT=389
    Nov 17 13:27:47 *TCP_IN Blocked* SRC=74.43.13.1 DST=209.236.73.59
    PROTO=TCP SPT=14368 DPT=389

    Another example, is a process running from port 60073 on 12.166.36.250
    today that scanned UDP ports 33590 through 33623 between 12:16:37 MST
    and 12:19:22 MST. This port scan resulted in the following one-hour
    block:

    Nov 17 12:19:26 *Port Scan* detected from 12.166.36.250 (US/United
    States/-). 21 hits in the last 102 seconds - Blocked for 3600 secs
    Nov 17 13:19:30 Incoming IP 12.166.36.250 temporary block removed

    The processes running on 74.43.13.1 and 12.166.36.250 that are scanning
    our hosting server's ports need to be stopped. If they continue to run,
    the IPs will continue to get blocked as they have dating back to
    November 3. Some of the firewall's blocks last one hour and some last
    three hours or more depending on the perceived severity.

  37. David Miller says:

    Any chance of an ip white list section added to the plugin at all ?

  38. Hi!

    I have switched on WP_DEBUG on my test blog and try to minimize PHP notices which are output. Your plugin is responsible for one of them: "Notice: load_plugin_textdomain was called with an argument that is deprecated since version 2.7 with no alternative available."

    The correct syntax of line 99 in the plugin file should be:

    load_plugin_textdomain('limit-login-attempts', false, dirname(plugin_basename(__FILE__)));

    See: http://codex.wordpress.org/Function_Reference/load_plugin_textdomain

    It would be great if you could change this for the next plugin release! Thanks a lot for coding this in the first place! :-)

    Regards,
    Johannes

  39. Johannes,

    Will fix. Thank you!

  40. Bob says:

    I changed my URL's in WordPress from mysite.com to http://www.mysite.com and when I tried to log in the plugin started counting attempts and now I am locked out of my site.
    How do I get back in?

  41. To remove lockout:
    http://wordpress.org/extend/plugins/limit-login-attempts/faq/

    ... and thank you for the report. I've been chasing the bug where cookie limit will sometimes kick in and apparently not clear invalid cookies. This gives me another idea to test.

  42. Samuel says:

    It would be very nice if you update the changelog :)

  43. I have, but apparently it takes a while to update on wordpress.org sometimes. Check the readme.txt for now!

  44. derdini says:

    Türkçe

  45. Last time, I tried Login Lockdown on a local server. It messed up my local test site and locked me out. I'm gonna try this version and hope it works for me. A lot of my blogger friends are recommending this and feeling really secure about their blogs.

  46. Hope it works out better for you. Please check the FAQ if you lock yourself out testing this thing.

  47. Doug Kaller says:

    When this plugin was suggested, I wondered why anyone would want to log into my website. I still do not know the answer but for the past 5 days, someone has been trying to get into my admin page. I have had about 20 "Too many failed login attempts" emails. Although I am sure it is only one hacker, there have been at least 3 different IP addresses. Thank you for protecting my work.

  48. ANA Designs says:

    Great plugin! I'm using it on several sites and have never had a problem with it.

    If you accept donations for your work I'd love to buy you a cup of coffee :)

  49. Mace says:

    I installed it, nice plugin.

    I enabled it, and I still see I am getting hammered but some remote server that keeps on trying anyway. I am sure it does not know it is "blocked". A nice hack/extension would be to optionally add the offending IP address to .htaccess. Even if you lock yourself out accidentally, you could update the .htaccess file.

    Maybe another idea is to perhaps not send *any* response to reduce the frequency of the attacks.

  50. Mace, thanks for your comments. It is a situation I've thought a bit about.

    From a password security angle it doesn't matter really if they keep trying once you've got this plugin active. They will not be able to brute force the password. You still want to use a decent password to be safe of course, in which case we're talking age of the universe timespan to break it.

    It is still annoying though. If they do it often enough it might also be considered a DOS security issue.

    There is the issue however of multiple users behind the same NAT/proxy (at a company or university for example).

    Right now they won't be able to log in if they have a bad guy on the same network. If you block the ip in .htaccess they won't be able to access the site at all. And this is a situation that will get more and more common now that we're kind of out of ip4 addresses.

    It would also require the .htaccess file to be writable by the web server at all times, which is a security issue of its own.

    I'm still thinking about it, but I don't think it would be a good idea for most people.

  51. Pietro says:

    Hello,
    We are using your plugin....and so we thought to make a link at your page ;)

    http://www.automotivespace.it/connessioni/

    Many thanks

  52. Gary says:

    The Log of lockout IP addresses worked on first install but after using the clear log button, the locked-out ip addresses are no longer displayed. The header and clear log button are also missing. Have you got any suggestions to fix ?

  53. Gary says:

    Sorry, meant to say after using the clear log button new, subsequent lockouts are not appearing even though I've been getting notification via email telling me there have been failled login attempts.

  54. Mau says:

    The same issue here. The log went missing after I cleared it.
    An Improvement would be that there is an option to send the emails to a different address.

  55. Gary, Mau

    Thanks for the report. This is fixed in 1.6.2. Sorry for the delay.

  56. Keith Davis says:

    Hi Johan
    Great plugin - just updated.

    Thanks for doing such a great job.
    I use your plugin on all my clients sites.

    Your plugin is much appreciated.

  57. Marcus says:

    Hey Johan,

    Great plugin! I use it for years.

    It would be super to see the dates in the logout log. Right now we see the IPs and the usernames. Then I'd like to see a third column with the dates -- and perhaps a drop-down or something when there were more than one tries per IP/UN.

    Either way, keep it up!

  58. Gary P says:

    Have just installed updated plugin but log still not showing. Do I have to wait until there's another lockout (post-installation) or do I have to clear database entries (if so which ones) ?

  59. New lockouts will show in the log.

  60. Hi,

    I just updated the Limit Logins plugin a couple of days ago. This morning, when I tried to login, the plugin would not recognize any of my userids or passwords. Yet, when I went to one of my posts and clicked the "Site Admin" link, I got to the admin page without any problem. Very strange.

    Since I can't tell what's going on, I deactivated the plugin for the moment to avoid getting completely locked out. Has anyone else run into this problem?

    Thanks,

    Chris

  61. I haven't had any reported problems so far, and I cannot think of anything that could result in your situation. You obviously get logged in and the correct cookie set, or you would not get the admin bar at all.

    Do you have any other plugin that does login related stuff?

  62. Jackieyo says:

    Thanks fou this plugin,useful a lot

  63. elsim says:

    One question: How to display date in log block?
    Today's date is shown on log in, is important.

  64. Mark says:

    Johan,
    Great plugin. Any thoughts about adding a way to configure what email address the admin logs are sent to? It would be nice to be able to send alerts to another email address rather than the default WP admin email.

  65. Mike says:

    Hi Johan,
    How do I customize, as I don't get the normal Options configuration panel in my dashboard?
    Regards
    Mike

  66. Once the plugin is activated there should be an option page under the "Settings" menu.

    Something like:
    http:///wp-admin/options-general.php?page=limit-login-attempts

    Nothing is shown on the dashboard page right now.

  67. scott4design says:

    On my most popular site I used your login and it opened my eyes to stuff going on I had never noticed before. Thanks...

    Is there a tool in your plugin to help with something like this? Or any recommendation?

    Lockout log

    IP Tried to log in as
    213.251.189.201 justin82 (3 lockouts)
    67.228.21.218 justin82 (2 lockouts)
    62.75.244.128 justin82 (6 lockouts)
    74.53.173.146 justin82 (6 lockouts)
    200.0.176.43 justin82 (4 lockouts)
    208.69.122.25 justin82 (4 lockouts)
    193.202.110.175 justin82 (4 lockouts) ... and it continues

  68. If you only allow login from admin-type users you can tighten the plugin settings somewhat, but default settings are safe as long as you have decent passwords.

    With a strong passwords it would take millions of years to brute-force crack, even with multiple IP trying. Still annoying though.

    I recommend 12+ random character passwords and preferably a password manager.

  69. scott4design says:

    Right on... thanks for answering. Annoying is right. I read an article about recommended security for wordpress and your widget was on the list. When I loaded it I saw things that I did not know were going on... I have seriously beefed up security.

    Thanks for writing this, its cool.

    Cheers

  70. MisterE says:

    I use this plugin in combination with "login logger". I notice that when a user is locked every attempt is still logged by "login logger". I'm worried it flood my server db.
    Is it possible to add a feature to stop processing other plugins when locked?

    (i don't know what a hacker uses to bruteforce. But do theire scripts see the "locked" status?)

  71. Regina says:

    Thanks for a great plugin. A Russian IP is trying to get into a blog I manage. I'm glad I was able to block them.

  72. MisterE says:

    another feature request. Like to have a whitelist feature for users. This is handy for creating a second admin account which can always unlock.

  73. Marcus says:

    Hey Johan, any news as to when you'll include the dates in the logout log? :-)

  74. ben says:

    Can you tell me how to unlock a user if the are accidentally blocked. How, as an Admin, do I do that -- is it as simple as clearing the log or do I have to go into the DB somehow?

  75. Jeff says:

    Great plugin. I have to say I'm astounded at how hard some people are trying to get into our site. I set it so that 1 lockout sets the lockout time to 24 hours. Yet there is one IP that has been locked out 9 times since I installed the plugin 2 weeks ago! The email notification is great. Thanks!

  76. Peter says:

    Thank you Johan, for writing that plugin!
    Just like many commenters here I was quite surprised to see how many failed login atempts there are on my small blog.
    If you've got some spare time sometime, I'd second the wish for a timestamp in the log. :)
    Cheers
    peter

  77. An awesome plugin that answered questions about who is trying to get in.
    Bit concerned about the date of the plugin, no worries, this works great with current WP version.
    Thanks - hope to see more!

  78. webster says:

    Awesome plugin, thank you for this, I rated is with five stars.

    Feature request: it would be good to see the password, which user tried to submit.
    Or you are not showing password intentionally because of security reasons?

    P.S. [whining]it is better to align text on site to the left, because in this case intervals between words are the same and it is better to read for an eye than justified text [/whining]

  79. Doug Stewart says:

    Howdy,
    Great plugin. Minor nit to pick: the English translation calls out "reversy proxy". Might want to change that to "reverse". *grin*

    Thanks.

  80. There are lots of plugins are available in we, but most of the plugins are useless, i think this plugins will be a good one.

  81. 411Plumb says:

    Hi Johan,

    Great Plugin! Thank You Very Much!
    The added security for my sites is greatly appreciated, and Limit Login Attempts gets it done!

    The login attempts I see are pretty much trying to log in as "Admin" which is comforting seeing as the #1 rule on WordPress Security is don't have an "Admin" user. Those that do have an "Admin" user should use the http://wordpress.org/extend/plugins/admin-renamer-extended/ to change the name of the "Admin" user to a different name. People should also use a "Nickname" which shows as the user name to those who visit the site, so the admin logon name is not shown publicly.

    The only things I can think of to improve the Limit Login Attempts plugin would be:

    Being able to set an e-mail notification address other than the WordPress site admin's address.

    Being able to reset a single IP Address of a legitimate user that was accidentally locked out when they forgot their password.

    Again, Great Plugin & Thanks!

  82. purkleturkle says:

    Hi I would love to use this with bbPress have you done this before?

  83. Rocky says:

    Loving this plugin. I have it on a couple of sites and it's certainly stopping the script kiddies in their tracks.

    I'd put in another vote for a whitelist if it's possible. I just managed to lock myself out accidentally so I had to log in from a different IP address to reset myself. Others may not have this luxury.

  84. GROO says:

    Is Version: 1.6.2 kompatible with WordPress 3.2.2. ?

  85. Hi! Congrats for this extremely useful plugin.

    Just wanted to let you know that I developed a small feature to allow whitelisting some IPs, you can find the diff patch on https://gist.github.com/2711886 if you're interested in merging it into the plugin

  86. Pete says:

    This is without doubt the most significant security hardening feature I have installed on my blog! Invaluable! If only I'd found/though of it before I got hacked. Essential plugin for any WP site...

    However, one enhancement request: can we have date and time added to the lockout logging please?

  87. Rocky & Felipe,

    So I've added support for IP whitelist in the new release. Kind of. There is a filter to do it, as I'm still against it in principle! ;-)

  88. Pete,

    Yeah, it's on the to do list. I've actually implemented it for my big 2.0 re-shuffling of settings and options, but it's been stalled for forever now.

  89. oldgoat1957 says:

    Just wanted to thank you for this plugin, I have been using since last year and it's a nice addition to the other security measures I have in place - I appreciate your efforts in making and maintaining this!

  90. Karen says:

    Thank you for this plugin! Someone tried to access my account early this morning. The plugin notified me of this and even gave me the IP address. This person is located in the Ukraine (I'm in the USA). For all of those people who are considering this plugin, don't wait any longer. It works great!

  91. shawn says:

    Thank you Johan, this is by far one of the required plugins for any of my WP sites. It stops brute force attacks in their place.

    Like others have requested, a timestamp would be a great addition, and or an option to display which country code the IP came from. (i know i know, asking for a lot hehee) Love your plugin regardless.

  92. Anasta says:

    I want to use the plugin, but the most of all users are using the same IP-address, this means trouble if one user didn't know his password and trying until he locked out all of the other users. I can't find an option to lockout only usernames.
    So I think, I'm using the whitelist option. but I don't know what I have to do, where do I put the IP-address, I tried several things, but it doesn't work. Please, who can help me?
    Thank you in advance.

  93. RWBronco says:

    I'm using a login log and seeing multiple people try 20-25 times per minute before it finally locks them out. Here's an example: http://i.imgur.com/bYvq3.jpg

    So your plugin IS working - it just doesn't seem to work fast enough.

  94. Guy says:

    I use Limit Logon Attempts to try to prevent hacking, and two plugins that log logins. Recently, I received a message from your plugin that it had locked an IP after 5 attempts to login as "admin." But when I look at the logs, I see the IP was attempting another user name. Also, the logs showed more than 2,000 attempts from the IP, and this number was confirmed by looking at the web site's raw access logs.

    Two questions: why was the account name reported incorrectly, and why were the attempts not actually stopped?

  95. I've translated the plugin into Simplified Chinese,I've also sent the file to your mailbox,please review and give me the feedback.

    Thanks!

  96. webster says:

    It would be good to see the last entered password.

    It is easily could be made by adding this code to the "limit-login-attempts/limit-login-attempts.php" file to line 556:


    $message .= "\r\n\r\n";
    $message .= sprintf(__("Password: %s", 'limit-login-attempts'), $_POST['pwd']);

  97. Nik says:

    Hi, I made you a Croatian language translation:
    http://katanaswords.info/limit-login-attempts.1.7.1-hr.rar

    If you want you can include it in future versions of your amazingly simple yet useful plugin.

    Keep up the good work!

  98. Dear Johan,

    I just want to thank you for this plugin. It successfully blocked a hacking attempt on a website that I maintain, one that has been the target of Islamic terrorist hackers many times in the past. BUT NOT ANYMORE!!! Woohoo!!!

    Thank you so much. I am completely indebted to you.

    Regards,
    Ian

  99. karoshi says:

    The plugin works great, thanks. Does it support IPv6?

  100. Erwin Heid says:

    Hi Johan, I have in total 8 websites and your plugin is runing well. Only by one I have just few weeks some problems. It´s my website Just-a-green-life-4u.com. If I try to lock into my admin, it´s coming - ERROR: Too many failed login attempts. Please try again in 167 hours. - and I have done no mistake with a wrong passwort. I tryed again the same after this 167 days, without sucssess. I did try to change my passwort, still the same problem.
    What can I do.......

    thanks for any help.
    kind regards
    Erwin

  101. Peter says:

    I just got another brute force attack on my blog. I got an email after 5 login attempts, but the attacker just kept going on sending POST login requests.

    I assume the actual login possibility is disabled when the ip is blocked? You can't ofcourse block a POST request, just from within wordpress or this plugin.

    I am currently looking into combining this plugin with fail2ban, so i can block access on port 80 for the ip that is locked out.

  102. artak says:

    hi autor, thanks for plug-in, I have translated it into armenian language, pls. replay and I sent you a translation files. Thank you !!!

  103. Peter says:

    Hi,

    I modified the plugin to also log to a file with a timestamp and the ip. This way I can use fail2ban to indeed block it in iptables on port 80. I just got another attacker, and he was blocked, and now my server doesn't get overloaded in post requests anymore.

    Maybe an idea to support logging to external file?

  104. Jukka says:

    Thank you for your excellent program. My blog is very fond of attempted break-ins, and this program is to protect, but could you add a feature that I can release my own admin IP address on a banned list. I only have one time left to my own blog. Agents who try to break the 9,999 hours or one year from closing.

  105. egorpromo says:

    I want say to developers of Limit Login Attempts, for security reason add this code at the begining of limit-login-attempts.php file:
    <?php defined('ABSPATH') or die('Access denied');

  106. Stalyn says:

    Thank you for this very useful plugin.

  107. Shyam says:

    thanks a lot for your plugin , keep up the good work

  108. Susan says:

    Hi,

    I love this plugin! Thank you so much for this.

    I would like to echo a request that 411Plumb already mentioned "Being able to reset a single IP Address of a legitimate user that was accidentally locked out when they forgot their password."
    This would be great. I've made an error logging in 2 times over the past year and it never resets for me even after all this time has passed without me making any errors logging in. I'm not sure if this is something that can be done, but that would be great :)

  109. Leesa says:

    These are in fact enormous ideas in on the topic of
    blogging. You have touched some fastidious things here.
    Any way keep up wrinting.

  110. I want to to thank you for this excellent read!

    ! I absolutely loved every bit of it. I've got you book-marked to look at new things you post…

  111. Silke says:

    Hallo,
    großes LOB für dieses PlugIn, es scheint fantastisch zu funktionieren, die Installation und Einstellung ist auch ganz einfach. 5 vermutliche Hacker Angriffe wurden bei mir registriert oder soll ich sagen gewarnt worden, sie konnten nicht in mein Webseite schaden anrichten, weil sie sich einfach nicht einloggen konnten, zudem habe ich ein schwieriges Passwort und einen bekloppten Benutzername eingerichtet das verstärkt die Sicherheit des WordPress auch nochmal zusätzlich, aber nur wenn man den Benutzername und Passwort während der Installation sich aussucht und nicht danach ;-) ganz wichtig!!!!.....klasse das Ding, danke

  112. Herb Green says:

    Hallo, in den Einstellungen des Plugins steht "Anmeldungen via Cockies berücksichtigen". Das sollte wohl eher Cookies heißen :)

    Vielen Dank, ich habe das Plugin eben gefunden und installiert. Danke!

  113. Uwe says:

    Hallo,
    ich habe Limit Login Attempts ebenfalls eingebunden und nach diversen Versuchen und Hack-Angriffen wie folgt konfiguriert:
    2 erlaubte Versuche, 7200 Minuten Sperrung, 1 Sperrung erhöht 9900 Stunden, 9990 Stunden bis zurücksetzen. Egal wie kurz oder lang die Zeiten konfiguriert sind, schaffen Angriffe immer wieder bis zu 30 Anmeldeversuche. Im Protokoll liegen zwischen drei Versuchen 1 oder 2 Stunden, bis die gleiche IP wieder Anmeldeversuche startet. Nach den o.a. Einstellungen kann das ja eigentlich nicht sein (7200 Min. = 120 Std.).
    Hat jemand eine Idee, woran das liegt?
    Irgendwer versucht permanent die Seite zu knacken, 7 Tage die Woche, fast ununterbrochen.

  114. Mate says:

    Hi

    How about adding a feature, to automatically add locked IPs to WP-Ban plugin? This would really help me a lot as now I have to do it manually every time someone locks out.

    rgds
    Mate

  115. Have you stopped updating this plugin? Does it work with the current WP 3.5.1?

  116. Henrik Andersén says:

    Hej,

    Först och främst, tack för en bra plugin!
    Jag saknar möjligheten att köra ett lokalt script på servern efter ett definierbart antal utlåsningar för att automatiskt kunna lägga till adresserna i en blocklista i brandväggen.
    Är det någonting du skulle kunna tänkas lägga till i framtiden?

    MVH
    Henrik

  117. Peter says:

    Hey Guys,

    I currently use the "Limit Login Attempts" Plugin -- so I have a question?! Can I use both "Limit Login Attempts" & "Login LockDown"?? For the reason being that both together will act as DOUBLE Security.... Also they both have totally different functionality. Plus, if one breaks down... or they bypass one of them.

    So, I'm assuming they shouldn't conflict with each other, but I'm just wondering if anyone here has already tested these together?

    In Many Thanks,
    Peter

  118. Sarah says:

    Hi there,

    Is there any way to clear failed login attempts that I make (by mistyping my password) so that I don't lock myself out?

    Thank you.

  119. user says:

    Thanks for the perfect plugin! many thanx again

  120. I've upgraded to WP 3.5.1 and I have WooCommerce and a WooTheme installed. After the upgrade, I can't log into the admin area... I get "You do not have sufficient permissions to access this page." - but if I turn off the Limit Logon Attempts plugin by manually changing the folder via FTP, everything works again. Strange no?

  121. JASA SEO says:

    Thanks plugin security admin :)

  122. Jonathan says:

    hi,
    Great plugin, has helped us i'm sure with numerous attempts to hack our site using standard mechanisms - even if it's just to keep an eye on the frequency of attempts.
    One thing "Email to admin after X lockouts".
    We have 3 admins, but how do we change the person who is currently getting emailed notifications to be someone else?
    Many thanks.

  123. hayley says:

    Just got a notification from Wordfence that a user was locked out after 20 attempts. However, I set your plugin to lock a user out after less than 5 attempts. I actually didn't realize Wordfence had this feature too. Is there a conflict having both plugins that do the same thing? Why didn't your plugin catch the login attempts before they got as high as 20?

    Thanks.
    Hayley

  124. Brian says:

    I have the same issue as Amal. With the plugin enabled I am unable to log into the admin panel unless I am on the local server. I am also on wordpress 3.5.1

  125. Georg says:

    God dag i Sverige,

    thanks for the helpful plugin!

    One question about the Mails to the Admin-Setting:
    Unfortunately, I can't set the number after which an email is sent higher than 1.
    Is there another way to do that?

    Thanks in advance,
    Georg

  126. Gary says:

    It's mind-bogglingly staggering the number of attempts that are made on my sites!

    I'd love a way to just block some IP addresses, I've got a few that clearly are just pounding on the server and there's no reason to let them continue.

    The other thing I'd like to have is just a list of usernames (root, admin, administrator and similar names that I do not use) that I know people are attempting to brute force that as soon as someone types a username in the list they're kicked off for x number of hours (if not blocked).

    I guess what I really should like to see (what I should be actually be concerned about) is how often people are trying to brute force usernames that actually exist!

  127. Michael says:

    This plug-in is a must have for personal and commercial blogs. I checked the log book after I locked myself out by accident and I noticed a lot of log in attempts from IP addresses I don't recognize. Amazing that some people are even remotely interested in my site!

  128. josh says:

    please update the plugin for better compatiability with 3.5.1 !!! thanks

  129. Prageesha Galagedara says:

    I change my hosting and it stopped sending mails to email to admin.. I receive other emails but alert mails which send by limit login attempt is no more coming to my mail. I delete and re installed the plugin too

  130. Chris Pink says:

    Invaluable. Great piece of work. Thank you very much.

  131. I am getting dozens successful attempts from a single IP in Russia in a second. The lockout feature is working, but not until after many attempts. Any idea what might be going on? I have examples, if that would be helpful. My settings are

    Total lockouts 36 lockouts since last reset
    Active lockouts 1 IP is currently blocked from trying to log in

    Options
    Lockout
    3 allowed retries
    5000 minutes lockout
    2 lockouts increase lockout time to 2000 hours
    4000 hours until retries are reset
    Site connection It appears the site is reached directly (from your IP: 206.72.98.34)
    Direct connection

    Handle cookie login Yes
    Notify on lockout Log IP
    Email to admin after 1 lockout

  132. Roy Scott says:

    Awesome plugin, thanks a lot for creating it. First time i locked out myself for an hour. Good tip might be to don't set the minutes lockout too long if you want to test it yourself, but... it works! :))

  133. Ed says:

    I installed the plugin, but there is no options page for it. Is this a bug, or am I doing something wrong?

  134. David says:

    Same issue as Ed above. I have installedand activated 1.7.1 on WP 3.5.1 yet don't see a Settings or Options link. Where is found?

    Also same question as Peter (28th Jan): Can I have both "Limit Login Attempts" & "Login LockDown" activated at the same time?

  135. paul says:

    I like this a lot. It shows me how slack I have been in managing things and how tough WordPress is at bearing up under these constant attacks.

    One feature I would like to ask for: can you provide an exportable list so I can add these jokers to my list of banned IPs?

    As an added level of security, some users here might consider Stealth Login Page as well.

  136. David says:

    I found where the User Setup Options are. It actually shows it in the 3rd Screen Capture provided above the FAQs. In your W/Press admin area click on Settings (on left nav panel) and then click on "Limit Login Attempts' at bottom. This opens the user options.

  137. BartC says:

    Just install Limit Login Attempts. I have enabled Email to admin.

    There are three admins, one author. But the only email that is sent is to the author. None of the admins rec'd any email.

    Any idea what is up with that??

    WP v3.5.1

    bc

  138. Morris Wong says:

    Hi, Johan

    I just install this great/helpful plugin for few weeks, and it works well for my wordpress BLOG. So I install it in more of my wordpress systems. This plugin do block and detect lots potential attack, most of them I did not even notice before. Thank you so much, great job ! *bow*

  139. Loggy says:

    Reverse proxy issue.

    I have a number of sites on my Ubuntu 10.04 VPS and have installed Limit Login Attempts on them all.

    I am running WP 3.5.1 with nginx in front of Apache (mod_rpaf installed).

    I clicked the 'behind reverse proxy' and it tells me:

    It appears the site is reached through a proxy server (proxy IP: 1.2.3.4, your IP: 1.2.3.4)

    when I am viewing the site from 1.2.3.4, not the true reverse proxy.

    Something is wrong here!!!

    But it looks a very useful plugin, particularly in the present bot scare.

  140. yj says:

    hi johan:
    i like your plug-in but i can't use it as i use direct connection and proxy both. i change the way all the time.
    you might know there are many sites was blocked in china and many sites (mostly video) not be able to access from outside of china.
    why not give an option as both direct and proxy?
    thanx!
    yj

  141. After I installed this excellent plugin on my personal site, I installed it on a company site as well. I can configure it just fine on my site, but when I try hitting the Settings -> Limit Login Attempts page to configure it, all I get is a "Are you sure you want to do this?" message with a hyperlink named "Please try again" that takes me back to my WP admin page.

    Any idea what's happening?

    I've tried deactivating/reactivating and even a reinstall. Nothing changes. The settings page still shows "Are you sure you want to do this?"

    Please advise....

    Thanks,
    greggl

  142. Hello.
    Are you able to make this plugin work with WP 3.5.1?

    Thank you.

  143. Mary says:

    I have installed this plugin, but there is no "setting" or "option" listed with plugin
    just details/edit

    What am I doing wrong?
    I dont onderstand the REVERSE PROXY? Is this a default?

    Thanks Mary

  144. Joan Carles says:

    Hello,

    Plugin very good, I recommend it!

    As a suggestion, you could set the warning mail is Delivery? I have several WP with the same e-mail and when attacked I have to look one by one by the mail that is generated does not say that WP is.

    Thank you very much, good work

  145. Heloise says:

    Hi
    Thanks for this cool plugin, but since I activated it, I keep being logged out after a few minutes while a backup is running for instance. Does it work with the Wp 3.5.1? I see "Compatible up to: 3.3.2" on the plugin page, so is my bug related to the fact that this plugin isn't compatible yet to the latests wp version? thx :)

  146. Anon says:

    It would be nice for the Lockout log to show some info of when the locks where put into place.

  147. Woah! I'm really digging the template/theme of this site. It's
    simple, yet effective. A lot of times it's very difficult to get that "perfect balance" between user friendliness and appearance. I must say that you've done a excellent job with
    this. Additionally, the blog loads super fast for me on
    Chrome. Excellent Blog!

  148. Kendall says:

    Hi,
    Very nice plugin thanks! As a web host we encourage users to install this plugin. Also discourage users from having a username "admin" as that is the #1 tried login hack name. It would be great if you could add a field (comma separated list?) of usernames to immediately apply "lockouts increase lockout time" to. Just a suggestion.
    Thanks!

  149. The plugin works great, thank you. I installed it when I heard of worldwide attacks on WordPress sites a month or so ago. It has detected and locked out hundreds of IP addresses so far--I am amazed at the number.

    But I have the same problem as Georg above (from Feb 18, 2013): The number of lockouts before an email is sent is 2 by default. I tried changing it to any other number and it stays at 2. Our site seems to be getting probed a lot, as I am getting 20 or more emails a day these past few days, yesterday I got 39.

    I will have to turn that selection OFF but thought you should know this is not working.
    Thanks,

    Steve

  150. Hey There. I found your blog using msn. This is a very
    well written article. I'll be sure to bookmark it and return to read more of your useful information. Thanks for the post. I will definitely return.

  151. Dianna says:

    A person essentially assist to make critically articles I might state. That is the very first time I frequented your website page and to this point? I amazed with the analysis you made to create this particular post extraordinary. Wonderful job!

  152. Rainers Blog says:

    Limit Login Attempts – wofür und wie einrichten...

    Nachdem ich nun schon einen Spamschutz, Antispam Bee von Sergej Müller und das Backup-plugin BackWPup installiert habe, kommt nun der nächste Schritt, um mich vor Angriffen von außen zu schützen. Dazu habe ich mir das Plugin Limit Login Attempts von Jo...

  153. Installed this plugin on one of my Forex signals sites, have been planning to do it for a long time. Hope it works fine. I'll keep you updated. Lots of great reviews here, must be good.

  154. Marc says:

    thanks for this nice plugin.
    It would be still nice to have the hints after an unsuccessfull login changed.
    Instead of. password ist wrong
    login not successful, please try again

  155. Brent says:

    Hi there! This is kind of off topic but I need some guidance from an established blog. Is it tough to set up your own blog? I'm not very techincal but I can figure things out pretty quick. I'm thinking about making my own but I'm not sure where to begin. Do you have any points or suggestions? Thanks

  156. What a great plugin! Thank you so much for creating it, maintaining it and sharing it with all us WP bloggers. I'm getting set to write a blog post about it in the next day or two. I hope it brings you lots more users. Thanks again!

  157. Tuch says:

    Thanks for a superb plugin, it works well and is very easy to configure.

    One thing I would like to know, is how can I unblock a single IP rather than unblocking all blocked IPs?

    We have several writers on our site and every now and then (esp after holidays) one will lock themselves out and the only way to unblock them is to also unblock all the bad guys.

    Any help would be appreciated

  158. Rosita says:

    Even as I completely relate to all of the issues with the order fulfillment industry, I've truly noticed it to be a lot more daunting than expected to come across non-repetitive and insightful websites like yours - Limit Login Attempts devel.kostdoktorn.se.

  159. Kosta says:

    Hi,

    there are not many must haves out there. This plug in is doubtless one of them. I donate once in a while because you deserve it

    Thank you for this outstanding piece of software.

    Have a pleasent day.

    Kosta

  160. Marilyn says:

    Excellent blog right here! Also your website a lot up very fast! What host are you the use of? Can I am getting your associate link for your host? I wish my website loaded up as fast as yours lol

  161. Stephania says:

    Hello Dear, are you actually visiting this web page regularly, if so after that you will absolutely get pleasant know-how.

  162. Selma says:

    It's remarkable to pay a visit this site and reading the views of all colleagues on the topic of this piece of writing, while I am also eager of getting know-how.

  163. Craig says:

    I justrecently heard learned of this plugin and have only heard positive comments about it. I'd like to install it on my site but I'm concerned whether it will work on wp 3.5.1 or 3.5.2 as the wordpress.org plugins directory reports not enough data to determine if it works on wp 3.5.2 and the last update was on June 1st, 2012.

    Can you tell me if it does work on wp 3.5.2? Is the cookies bug or clear log bug still happening?

    It seems to be an excellent plugin and the first security plugin that I will try to use.

    Thanks,
    Craig

  164. Marlon Pace says:

    I just installed this plugin on my site. I'm not completely clear on one of the configuration fields. What is meant by resetting a retry? Also, I'm not receiving emails. Any thoughts?
    Thank you.

  165. Hi Johan -
    I love your plug-in! I've been under attack, likely from bots, for several months now and really appreciate having something like Limit Login Attempts to help me keep my site safe.

    I'm pretty technical, so I have a good idea of what most of the settings are for. However, I would REALLY like to see some kind of helper page that defines all the fields and buttons. That would really help me to learn what these settings do.

    Any chance on getting that information in a future release, or added to your Installation or FAQ tabs?

    Thanks for considering my request!
    Lori

  166. Robbie says:

    Pretty! This was a really wonderful post. Thank you for providing these details.

  167. Jacinta says:

    Remarkable! Its in fact remarkable post, I have got much clear idea concerning from this piece of writing.

  168. Doug DePrenger says:

    Suggestion: show the last date,time the log was cleared and counter was reset.

  169. Good day! This post could not be written any better!
    Reading this post reminds me of my previous room mate! He always kept chatting about this.
    I will forward this post to him. Pretty sure he will
    have a good read. Thanks for sharing!

  170. onni says:

    we have installed the plugin, but became the visctims of our own resetting the passwords.
    We can't getin to our own site, since it is gonn take 999hours for the first new possibilty.
    What to do??

  171. Damien says:

    Hi there! This post could not be written any better! Reading this post reminds me of my previous room mate! He always kept talking about this. I will forward this write-up to him. Pretty sure he will have a good read. Thanks for sharing!

  172. Ivan says:

    It really helps to lockout the spammers out there! Great plugin!

  173. Sebas says:

    Use the plugin and like it. Unfortunately I still get notification mails of login attempts even though I unchecked this option in the settings.

    Pls help to solve this problem.

    Thx

  174. Latesha says:

    Great post. I used to be checking constantly this blog and I'm impressed! Very useful information specifically the closing section :) I care for such information a lot. I used to be looking for this particular information for a long time. Thanks and best of luck.

  175. Bryce says:

    What i don't realize is if truth be told how you're no longer really much more well-preferred than you might be right now. You're very intelligent. You already know therefore significantly with regards to this matter, produced me in my opinion believe it from numerous varied angles. Its like women and men aren't involved unless it's one thing to accomplish with Lady gaga! Your individual stuffs great. All the time care for it up!

  176. Rodrigo says:

    My programmer is trying to convince me to move to .net from PHP. I have always disliked the idea because of the costs. But he's tryiong none the less. I've been using WordPress on a variety of websites for about a year and am concerned about switching to another platform. I have heard excellent things about blogengine.net. Is there a way I can import all my wordpress content into it? Any help would be greatly appreciated!

  177. Ruby says:

    Great info. Lucky me I recently found your blog by accident (stumbleupon). I have book-marked it for later!

  178. Kaylene says:

    Hello all, here every person is sharing these knowledge, therefore it's nice to read this weblog, and I used to pay a quick visit this blog everyday.

  179. RAM says:

    The Limit Login Attempts plugin is simply great.

    Even so I do recommend one feature in your update; i.e. please include the "EXCLUDE IP" option so that we can exclude our own STATIC IP from getting locked by some mistake.

    Does my words make sense for your future update?

  180. For the reason that the admin of this website is working, no question very shortly it will be famous, due to
    its quality contents.

  181. Rosita says:

    It is the best time to make some plans for the future and it's time to be happy. I've read this post and if I could I want to suggest you some interesting things or advice. Perhaps you could write next articles referring to this article. I desire to read more things about it!

  182. Daisy says:

    I'm no longer sure where you are getting your info, but great topic. I must spend some time finding out more or figuring out more. Thank you for excellent information I used to be searching for this information for my mission.

  183. Zack says:

    Hi there it's me, I am also visiting this website on a regular basis, this website is truly good and the users are actually sharing nice thoughts.

  184. Josefina says:

    Hello my loved one! I wish to say that this article is amazing, great written and include almost all vital infos. I'd like to peer more posts like this .

  185. Torsten says:

    Unquestionably believe that which you said. Your favorite justification seemed to be on the net the easiest thing to be aware of. I say to you, I definitely get annoyed while people think about worries that they just do not know about. You managed to hit the nail upon the top as well as defined out the whole thing without having side-effects , people can take a signal. Will probably be back to get more. Thanks

  186. Debbie says:

    When someone writes an article he/she retains the idea of a user in his/her mind that how a user can be aware of it. Therefore that's why this piece of writing is perfect. Thanks!

  187. Sadie says:

    It's amazing to go to see this website and reading the views of all mates regarding this piece of writing, while I am also zealous of getting know-how.

  188. Merissa says:

    Hi there are using WordPress for your blog platform? I'm new to the blog world but I'm trying to get started and create my own. Do you need any coding knowledge to make your own blog? Any help would be greatly appreciated!

  189. I'm impressed, I must say. Rarely do I encounter a blog that's both equally educative and entertaining,
    and without a doubt, you've hit the nail on the head. The problem is an issue that too few folks are speaking intelligently about. Now i'm
    very happy I stumbled across this during my search for
    something regarding this.

  190. Nick says:

    Hey there would you mind sharing which blog platform you're using? I'm looking to start my own blog in the near future but I'm having a tough time deciding between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design seems different then most blogs and I'm looking for something unique. P.S My apologies for being off-topic but I had to ask!

  191. Philipp says:

    Have you ever considered writing an e-book or guest authoring on other sites? I have a blog centered on the same information you discuss and would love to have you share some stories/information. I know my readers would value your work. If you're even remotely interested, feel free to send me an e mail.

  192. Monty says:

    Thanks for the marvelous posting! I definitely enjoyed reading it, you can be a great author. I will be sure to bookmark your blog and may come back sometime soon. I want to encourage you continue your great job, have a nice holiday weekend!

  193. ist very usefull tips and article

  194. Andrea says:

    Hello colleagues, nice post and pleasant arguments commented here, I am genuinely enjoying by these.

  195. C Wilkerson says:

    I've been using this plugin for a month or so now, and it works like a charm. I appreciate so much that you created it. Thank you, thank you, thank you!

  196. fsdkl says:

    Good plugin.
    Blocked 1500+ login attempts http://pastebin.com/VNYejka6

  197. Jayson says:

    Hello, I wish for to subscribe for this blog to obtain most recent updates, so where can i do it please help.

  198. Alissa says:

    If some one needs to be updated with newest technologies therefore he must be go to see this website and be up to date everyday.

  199. Gertrude says:

    If some one wishes expert view on the topic of blogging and site-building then i recommend him/her to pay a quick visit this website, Keep up the fastidious job.

  200. Fay says:

    If some one needs to be updated with newest technologies then he must be go to see this web site and be up to date everyday.

  201. kursi kantor says:

    great content If some one needs to be updated with newest technologies then he must be go to see this web site and be up to date everyday.

  202. its a nice article, i love this article

  203. Kristine says:

    Hey! I just wanted to ask if you ever have any trouble with hackers? My last blog (wordpress) was hacked and I ended up losing many months of hard work due to no backup. Do you have any solutions to protect against hackers?

  204. Damian says:

    Hi there, every time i used to check website posts here early in the daylight, because i love to gain knowledge of more and more.

  205. Albertha says:

    Every weekend i used to pay a quick visit this site, for the reason that i want enjoyment, as this this web site conations genuinely nice funny stuff too.

  206. Duane says:

    Generally I do not read article on blogs, however I would like to say that this write-up very forced me to take a look at and do so! Your writing style has been surprised me. Thank you, quite great article.

  207. Sophia says:

    I like what you guys are usually up too. Such clever work and reporting! Keep up the fantastic works guys I've included you guys to my personal blogroll.

  208. Myrna says:

    We are a bunch of volunteers and opening a brand new scheme in our community. Your website provided us with helpful information to work on. You've done a formidable process and our whole neighborhood will likely be grateful to you.

  209. Agustin says:

    Hmm it appears like your blog ate my first comment (it was extremely long) so I guess I'll just sum it up what I had written and say, I'm thoroughly enjoying your blog. I as well am an aspiring blog blogger but I'm still new to the whole thing. Do you have any tips and hints for newbie blog writers? I'd certainly appreciate it.

  210. Emil says:

    Nice plugin! Thx
    Just one issue: when changing the options you create entries in sql - wp_options. when deleting the plugin this entries are left and will not be deleted.

  211. Celsa says:

    Thank you a lot for sharing this with all of us you actually recognise what you're talking approximately! Bookmarked. Kindly also discuss with my website =). We may have a link change contract between us

  212. Etsuko says:

    Definitely believe that which you said. Your favourite reason appeared to be on the web the simplest thing to take note of. I say to you, I certainly get annoyed at the same time as other people consider concerns that they just don't know about. You controlled to hit the nail upon the highest and outlined out the whole thing without having side-effects , people can take a signal. Will probably be back to get more. Thanks

  213. Deena says:

    It's in point of fact a great and useful piece of info. I am happy that you just shared this helpful information with us. Please stay us up to date like this. Thanks for sharing.

  214. Hi,

    Great plugin, thanks. A feature request, though:
    allowing email alert for "too much incorrect attempts from same IP" to be sent to a chosen person (or group of persons) instead of the admin - first because there might be several admins; second and foremost because I don't want to have to check this, I am in a fire-and-forget setup where I create blogs for friends and I want them to warn me, not the other way around.
    UI-wise, I see it as a drop-down list of users.

    Thank you!

  215. Oliver says:

    Hello,

    I'm sorry, I must inform you of a MAJOR issue resulting from the interaction of two plugins :
    - Limit Login Attempts (yours, haha)
    - ThreeWP Activity Monitor

    Once a blog member has been locked out because of bots trying to login as his username with dictionary passwords (impossible to hide his username, it is shown by wordpress in various areas, some of them cannot be forbidden from being shown, like the RSS), then that username is blocked by the Limit Login Attempts plugin.
    However, the problem comes from ThreeWP Activity Monitor, a plugin made to keep track of what the blog members are doing, and, see this plugin ALSO monitors failed login attempts.

    Problem : if a user is blocked, connection attempts with a valid username and password are ALSO logged.
    And when the blog member is finally able to log in, after the default waiting time, we can easily see a successful login attempt from the IP-host that was previously logged as failing to login with the xxx - yyyy password combo...

    See the problem ?

    I'm also reporting it to ThreeWP Activity Monitor's creator, but, maybe you could also, who knows, do something about it, I honestly have no clue, I report the problem just in case.

    Well, that's it.
    Good day to you !
    Oliver

  216. Marquita says:

    Good day! This is kind of off topic but I need some advice from an established blog. Is it tough to set up your own blog? I'm not very techincal but I can figure things out pretty quick. I'm thinking about creating my own but I'm not sure where to begin. Do you have any tips or suggestions? Thank you

  217. Great plugin John,

    WordPress seems to be a target for hackers, my old blog has been hacked a number of times and this time i am going to make sure that my work is not disrupted in any manner!

    Piyush

  218. Nhb says:

    This plugin saved my wp blog from hacked 2 times!
    Thank you for creating this useful plugin for FREE! God bless.

  219. Jon says:

    Would you consider adding an option for permanently blocking IP's?
    And, after failing to login, what about adding a URL redirect where the hackers browser can be sent to?
    Thanks for your consideration

  220. Mo says:

    Hi John,

    I love this Plugin and I want to thank you.. Thank you! :) But I need 2 more options! Is it possible to extend the log/protocol/lockout? What we see is the IP and username with login retries. But I want to see full credentials and a timestamp too. I'd certainly appreciate it.

  221. jeremiah says:

    Awesome plugin, I have just blocked a bot that was trying to hack my site for over 4 days. I love this plugin. It is a MUST!

  222. Wolfgang says:

    Hello,

    Limit Login Attempts always worked great - got 1.7.1 installed

    Last night, some guy had 18 tries to log in - any Idea how to bypass
    LLA?

    Best regards
    Wolfgang

  223. Tanya says:

    Hello Johan Eenfeldt, I was wondering if a "country of origin" block was in the works. I have seen a few plugins that do this but they are brand new with no feedback on them.

    I have a lot of people from different countries trying to hack the site on a daily basis and would like to limit log in options to only USA IP addresses if possible.

    Thank you for your consideration and for this amazing plugin!

    Sincerely,
    Tanya

  224. Jiwan Tamang says:

    Really nice plugin to be secure from long fake attem

  225. Jiwan Tamang says:

    Really nice plugin to be secure from long fake login attempt

  226. libre1433 says:

    merci

    pour sympa plug-in je fait un essais se jour

  227. One of the best plugin i ever seen.
    Congrats Johan, and Merry Christmas
    Cheers!

  228. David says:

    I have installed this plugin on two sites and both started developing random problems with display back and front end of the site, had to disable it, sorry.

  229. Arleen says:

    Very good information. Lucky me I discovered your blog by chance (stumbleupon). I've book marked it for later!

    You must view my youtube video on the subject of how to make money online legitimately by clicking right here

  230. Tomis says:

    Awesome plugin, I recently installed it on my blog.
    Your post is very helpful,
    Happy new year Johan!

  231. Carsten Otto says:

    Hey,

    I've got a massive Problem with login attempts and installed your plugin. But it doesn't work. I'm monitoring the attempts with another plugin and the same IP has up to 40 tries/minute. Do you plan any updates there?

    You can contact me if you like.

    Thank you

    Carsten Otto

  232. In the last 3 days your plugin has locked out over 100 different IP addresses - I set things up so offending IP addresses get locked out for 72 hours based on 1 lockout which is defined as 2 retries. That's the good news ... and BTW thank you for a great plugin. Just wondering if there's any way to permanently black list these IP addresses so they cannot attempt to login at all? I know I can simply increase the number of hours, but eventually they could try again.

    Thanks, Mike

  233. Richard says:

    It seems not to work 100%,
    My settings are:

    Lockout 5 allowed retries
    20 minutes lockout
    4 lockouts increase lockout time to 24 hours
    12 hours until retries are reset

    But 1 and the same ip adress achieved to made 999 tries, according to the 'ThreeWP Activity Monitor' plugin. Probably it was more but logs are limited for 1000 entries.

    Nice adition would be that there are at least 30 seconds between an single entry

  234. George says:

    Great work dude,the plugin is awesome it protected my blog from around 100 of failed login attempts.

    Protecting my adim won't be a burden with limit login plugin for free.

  235. Sergiy says:

    Great plugin.
    It works with the custom login page of my theme well.
    However after failed login or during lockout there are no notification in my custom login screen
    Just wondering if it possible to "broadcast" some variables in case of errors (let's say by session_start(); in the "limit-login-attempts.php" and sending some flag using $_SESSION ).
    So, I can catch them inside my custom php
    Thanks, Sergiy

  236. Timbangan says:

    Hi,
    in some case it very help for every webmaster from many attacker.

    Thanks for the post

  237. stefany says:

    Great plugin!
    It works with the custom login page of my theme well.
    However after failed login or during lockout there are no notification in my custom login screen..

  238. Olaf says:

    Hi, great plugin - thanks for the work, also the reserve proxy feature, which others miss.

    We have the plugin in place and at also blocks false login attemps. However those scripted login tries we see (a lot) just keep trying and that it annoying. I have manually added a few of their ips to our firewall (block) and removed them again after some minutes. There were no more login tries attemps from the ips we shortly blocked on the firewall.

    So it would be a nive update (*feature request*) to give ips with a certain blocking retry (the ones with 24h block maybe?) a different answer instead of the nicely normal looking wp login screen with an error message on it. Maybe throw them a 403 or 404 with no further page content or even drop the connection at all. That would substantially annoy those bots, that are programmed to deal with "login failed" simply by continue trying (they don't know why they are failing), but are going away/to the next target once they realized that there is no wordpress anymore on the address.

    Would be great if you could implement something like this.

    Greetings,
    Olaf

  239. Sergiy says:

    Adding ips of the multiple failed logins to firewall doesn't resolve the problem, unless you have deal with the kids that fulling around after reading some "hack manuals" only.
    The real problem lies when your site is a "target" and experiences thousands/sec login attempts from different ips, belonging to innocent users (botnet). In this case you can't (just physically) add their ip to firewall. Even if you will, you just block these users (not attackers) from access to your site. So, the option ("Nice adition would be that there are at least 30 seconds between an single entry" mentioned by Richard and message ( as I mentioned before that could be incorporated in to the custom login form) something like " To many failed login attepts.... IF YOU RECEIVED THIS MESSAGE BY MISTAKE PLEASE CHECK YOUR COMPUTER FOR VIRUS/WORM OR CONTACT YOUR ISP... bla, bla ,bla.
    Creating log file (IP,Date,Time(very useful in order to determine if attempt is a part of attack), Name, Password) could be a nice addition.

  240. René says:

    A great Plugin!
    Thanks a lot!
    René

  241. ObY says:

    hello ,
    i'm french, excuse my bad english...

    Your plugin is fantastic but i want to block an ip will be connect to my site... for .. all times ...

    i don't want to download plugin and plugins ... just add a simple block ip in your module ??

    very thx !!!

  242. David says:

    Thank you very much. Your plugin is very useful.

    Let me suggest a little improvement: the email with warnings maybe would be better if you include the link to a report tool, for example:

    545c545
    , $count, $lockouts, $ip);

  243. David says:

    Ups... this form doesn't admit diff syntax.

    Line 545, change:

    , $count, $lockouts, $ip);

    to

    , $count, $lockouts, "http://ip-lookup.net/index.php?ip=$ip");

  244. Steve says:

    I've had several people recommend the Limit Login Attempts plugin recently, but when I saw the latest version (http://wordpress.org/plugins/limit-login-attempts/changelog/) was posted nearly two years ago and only showed support up through WordPress 3.3.2 I decided to wait. Are you planning to update this plugin? Thanks!

  245. Patrick says:

    successful plugin. but it would be good if the wrong passwords could be logged too.

  246. NiB says:

    Hi
    great plugin!

    But I do have a problem with the setting on 'Notify on Lockouts'.
    I can not set a higher value than 2.
    Can anybody tell my why?

    I even changed the value 'limit_login_notify_email_after' directly in the database
    but after another settings change, the value returns to 2.

  247. zAlbee says:

    I've been using this for nearly a year and it's a very nice plugin, with a good visual "shake" when the password was wrong. I can confirm that it does work with latest WP 3.8.1. Few things:

    1. When used in combination with another plugin/script to log all failed login attempts, it *appears* like the same IP can continue to make login attempts even when they're locked out, but what happens is even if they guess the password right, it will still be a login failure. So basically this plugin prevents the password from being checked, but does not go as far as blocking access to the site. That's OK though.

    2. Could you remove/disable the user/password fields or login button when a user is locked out, to prevent them from trying? (this won't prevent a bot, but is just more friendly for a human user)

    3. Could you log the time/date that a user was locked out? (currently only logs the IP and username). This would help confirm that the plugin is working when digging through logs.

    4. Is there a flag that other plugins could use to see that the login attempt failed due to being locked out by this plugin? I.e. so that I could log this information.

    5. Do you accept patches?

    Thanks!

  248. Shripriya says:

    This plugin suddenly stopped working. When i tried to reinstall it, I got the error -
    Cannot redeclare limit_login_setup() in /nas/wp/www/cluster-1136/shripriya/wp-content/plugins/limit-login-attempts/limit-login-attempts.php on line 96

    Any suggestions?

    Thank you!

  249. clive bunch says:

    Hi, love your plug in! One question, sometimes I use a VPN (hide my ass). If I attempt to log in when using VPN am I likely to be locked out?
    Sorry to ask basic question I'm new to WordPress.

    Thank You

  250. Shay Atik says:

    One of the best plugins ever. Thank you!

  251. wowww,, thats a great, i love your article

  252. thank your for your article, very helfull

  253. Stefan Heinz says:

    Hi Johan,

    Thanks for the excellent plugin!

    As some people previously have mentioned here, I also had one and the same IP try several thousand (!!) login attempts (according to the WP Audit log).

    FYI: I am using captcha plugin for login protection.

    Also (and I've seen other people request this as well ;-) ) having an option to block an IP permanently would be great, so that I don't have to mess with .htaccess

  254. I have seen what might be a bug in Limit Login attempts. GuestDietBlog.com has been under attack for a couple of weeks, and I get a notice that an IP is locked out. But then I get about 20 more notices, and my site is completely down because the maximum number of processes are running, all the memory is used up, and the CPU utilization is at 100%. It takes a while, but when I can add the "deny from " to the .htaccess, that stops the attack -- for a day or so, until the attacker starts using a new IP.

    Could you provide an option where a after about 4 lockouts, the IP is denied permanent in .htaccess? That would sure help!

  255. cjb says:

    How can I unlock a user once they are blocked?

  256. Greetings frpm Ohio! I'm bored at wok so
    I decided too check oout your site on my iphone during lunch break.
    I enjopy the informaion you present here and can't wait too take a lookk when I gget home.
    I'm srprised aat how fast your blog loaded on my mobile ..
    I'm not even using WIFI, justt 3G .. Anyhow, aweskme site!

    Also visiot my blog; online truck games

  257. Your method of explaining all in this article is genuinely good, every
    one be capable of without difficulty be aware of it, Thanks a
    lot.

  258. What's spoken by each member over a plate of food affects all
    the other members in different ways. The story began 64 miles away in rural Green Country where a local doctor predicted 46-year-old Jane Crawford was pregnant with twins.
    This adventure is Part 2 of a major quest, Quest for the Necromancer
    and follows the story in WATE1-3.

  259. Alejandrina says:

    I'll immediately seize your rss feed as I can not find your
    e-mail subscription hyperlink or newsletter service.

    Do you've any? Kindly permit me recognize so that I could subscribe.
    Thanks.

  260. It is appropriate time to make some plans for the future and it's time to be happy.
    I have read this post and if I could I want to suggest you
    some interesting things or advice. Perhaps you could write next articles
    referring to this article. I wish to read more things about it!

    Hello, i think that i saw you visited my site so i
    came to “return the favor”.I'm attempting to find things to
    improve my site!I suppose its ok to use some of your ideas!!

    \

  261. Be sure the bike you're purchasing is made of polyester.
    You may think you can just swap the tires for narrower, smoother tires.
    How your feet sit on the cycle and take time to wear the shoes and
    two wheels have your laptop infront of you while on the turbo trainer at home or at workplace.

  262. Click here now These grants will help you learn more about
    and investment return calculator apply for scholarships?
    Another thing that weíve got to look at is that is particularly useful,
    investing in shares andd mmanaged funds that are paying
    imputation credits inside these funds.

  263. Hello there, I am a brand new freelance web designer just starting out and I'm
    in need of a portfolio. Would you like a new website design free of charge?

  264. Plus, gain access to new bonus skins for the
    F-22 Raptor and the F-35B Lightning II. * “May
    This Be Love″ – Jimi Hendrix ($1. Johnny (Sean Bridgers)
    keeps the girls in line along with Doc Cochran (Brad
    Dourif) who takes care of their medical needs.

  265. If some one wants expert view regarding running a blog after that i recommend him/her to visit this
    webpage, Keep up the fastidious work.

  266. Amanda says:

    Plugin looks great. It works with the custom login page of my theme well. nice sharing, thanks!

  267. Zahid Alam says:

    Nice work man.I think you should keep this post alive life time coz everyone like this post so much....I need a small help for change the time....I know that you will answers may question.thanks again.

  268. DivaBillee says:

    Love this plug in. Thanks!!!!!

  269. HaloCig says:

    I visited several web pages however the audio quality for
    audio songs present at this web page is truly superb.

  270. Ahaa, its good discussion concerning this paragraph at this place at this weblog, I have read all that, so now me
    also commenting at this place.

  271. Crystal says:

    Hi,

    Plugin very good, I recommend it! Your post is very helpful,Thanks!

  272. David Gross says:

    Had to disable "limit login attempts" as it interfered with my receiving emails from my "contact us" page. Any ideas why??

  273. Brandy says:

    Nice post. I was checking constantly this blog and I'm impressed!

    Very helpful info specifically the last part :) I care for
    such info much. I was seeking this certain information for a very long time.
    Thank you and good luck.

  274. Hi there, I found your web site by the use of Google whilst searching for a comparable topic, your site came up,
    it seems to be good. I have bookmarked it in my google bookmarks.

    Hello there, simply turned into aware of your blog through Google, and located that it's really informative.

    I am gonna watch out for brussels. I'll be grateful in the event you continue this in future.
    Many other people will be benefited out of your
    writing. Cheers!

  275. Dana says:

    Great plugin. I'm using it for my personal blog.
    If you have time, It will be great to do a small update for it.
    As we are a lot of people using it, a donate button should be somewhere on the plugin's panel. Not for getting rich, but at least, coffe money :)

  276. Randell says:

    I see a lot of interesting content on your website. You have to spend a lot of time writing, i know how to save you a lot of time,
    there is a tool that creates unique, google friendly articles in couple of minutes, just search in google - laranita's free content source

  277. If you or someone you love is bing affected by addiction or alcoholism, you need to understand that
    you're not alone. In essence, an individual can sto as an alcoholic by correcting their biochemistry.

    In many instances these issues must be dealt with for a
    lifetime and it takes a conscientious effort in order to do so, with the support of family, friends, and fellow recoering addicts or alcoholics.

    My web-site - Website analytics reviews

  278. Bilinmeyen says:

    Güncel olmamasına rağmen hala tavsiye ettiğim bir plugin, teşekkür ediyorum. Umarım yakın zamanda bir güncelle yaparsın, sevgiler.

  279. terima kasih infonya, sangat bermanfaat

  280. great information mas, sangat membantu

  281. Hi are using WordPress for your site platform? I'm new to the blog world but I'm trying
    to get started and set up my own. Do you need any html coding expertise to make your own blog?

    Any help would be greatly appreciated!

  282. Oleg says:

    Hi!

    Dear Author! ARE YOU ALIVE?
    I like your plugin, but answer me and other people pls at wordpress.org - for example about WP MU support...

    Regards.

  283. I agree with you.this is what i looking for. I want you to know, i search about this every where and just found it here, Nice, i hope you always success.

  284. terima kasih, sangat membantu saya

  285. RQDriftnet says:

    Hi Team LLIAs,

    As I am new to building my own website ....I've downloaded a lot of Plug-Ins for the security of my site, and each has it pluses and minuses and I am attempting to mike them all to achieve the best mixture of features for my particular outcome.

    One of the Plug-Ins is "Limit Login Attempts" ....and I find I have now conflicted it by the use of two very good security Plug-Ins .....called "Bullet Proof Security Pro" & "WordFence Security" ...with WordFence's "Cellphone Sign-In" being of particular concern.

    The concern is "Cellphone Sign-In" requires you to use a Log-In attempt to have it activated the 2nd level of security. ...Thereafter the 1st Log-In attempt ...WordFence then sends an SMS (...or an secondary code) for use with the 2nd gatekeeper (admittance level) ...before you can access the Administrative control Dashboard of your site.

    That is a very nice security feature I wish to maintain.

    However ...my issue is ...How can I override that conflict? ...as I have set the Log-In attempts to five (5). ...So ...every 4th Admin Log-In ...I need to zero the failed Log-Ins or I lock myself out.

    Do you have any work-around suggestions to overcome this issue that won't diminish the security features of setting a low number of Log-In Attempts please?

  286. Hi

    After we have seen a lot of unsuccessful login attempts in the log, we have installed this plugin to all our blogs. It works quite well so far. I could imagine that a locked attacker should better get a forbidden (403) response code, instead of the login form. Automated login attempts did not render the form but post possible credentials several times. If they don't get a proper 200 response code they maybe give up. May this be an option for upcoming versions of the plugin to choose if the user get a message within the form or an header('HTTP/1.1 403 Forbidden'); + die();

    Our problem was that we had more than 1000 forbidden IPs within 2 days (maybe a distributed attack) which resulted in a lot of emails to the blogs admin.

    Regards

  287. Sac Longchamp Pas Cher Neuf Le Pliage Longchamp jsqZH Questa azienda dispone di prodotti che non sono così Best Value,
    stile e durata. Hanno la più grande selezione di bagagli nel mondo e
    fornire i migliori prezzi per gradi. Sac Longchamp Besace Sac Voyage Longchamp eCZhc Il cantante 26yearold e il modello è anche una serie di H vestiti nuovi per le vacanze all'interno,
    tra cui alcuni freschi pantaloni di pelle alla
    ricerca, un glamour. Gli stivali originali durato sei anni di guida quasi quotidiana, il lavoro longe, pascoli e camminare più fino a
    quando non sono passato ad un altro pilota. Longchamp.Fr
    Saint Francois Longchamp Location OdVBP Abbiamo messo in piedi con i loro genitori circa
    le scarpe per bambini iniziano nella vita di disordini e scontri.
    Visita Stride Rite stivali genitori, e poi volare in aria, e il suono delle urla da restituire, senza tutti questi piedi sporchi, cercando di assicurarsi di consultare
    un pediatra. Saint Francois Longchamp Location Pliage Longchamp Pas Cher yJLcF Terence Jones recenti supporti intervista
    Jordan 11 alto, ha detto che non gli importa segmento OM antipasto, mentre in precedenza elogiato Howard Jones, per la quale era molto felice
    che Jones Questo significa molto. In preseason con pellicani,
    Motiejunas come razzi a partire potere in avanti, gli uomini eh Jones in panchina.

    Sac Longchamps Solde Goelia Saint Francois Longchamp rSdGu Leggi di conservazione
    sono un tema predominante nelle scienze naturali e la prima legge della termodinamica,
    questo si riflette in questa energia non può essere creata o
    distrutta, ma può essere trasferito da una forma all'altra.

    La seconda legge della termodinamica si occupa della difficile concetto di entropia.

    Esf Saint Francois Longchamp Sac Longchamp Bandouliere Pas Cher vXiHy Azioni più di 10 milioni dollari nel trimestre di un anno fa,
    i margini lordi della società sono rimasti invariati aiutare a migliorare il vostro movimento basso
    overhead. CFO George Mihalko, e perché l'azienda ha tagliato i suoi miglioramenti
    software di inventario fatti negli ultimi due anni, ha detto
    di non credere catturato a breve. Sacoche Longchamp Agenda
    Longchamps WeiwW Jim Barrett, direttore della ricerca presso CL re Prezzi Ruger un forte buy con un prezzo obiettivo di 11 dollari
    In una nota client, Barrett ha scritto che le vendite che beneficiano di un aumento delle vendite a causa della pistola l'arrivo della nuova amministrazione democratica a Washington. Ma gli
    piace anche solidità patrimoniale della società, il management ritiene possa essere
    avvicinando l'acquisizione come poche azioni riacquistate nel mese di
    dicembre, e nessuno è stato acquistato a novembre, sostenendo che il
    produttore di pistola è nelle prime fasi di
    un turnaround di successo con un futuro vendite e gli utili
    potrebbero sorprendere al rialzo nel 2009..

    Saint Francois De Longchamp Longchamps Sac Homme UvWim Per Thompson, ma 13 è
    stato un punto culminante della sua vita per 30 anni o più.
    Nel corso degli anni è stato offerto il lavoro il Venerdì 13, le promozioni ricevute e ha comprato una
    macchina nuova.

  288. Brianne says:

    I am really enjoying the theme/design of your web site.

    Do you ever run into any web browser compatibility problems?
    A small number of my blog audience have complained about my site not operating correctly in Explorer but looks great in Firefox.
    Do you have any recommendations to help fix this issue?

  289. Wonderful goods from you, man. I've understand your
    stuff previous to and you're just too wonderful. I actually like what
    you have acquired here, really like what you're
    stating and the way in which you say it. You make
    it entertaining and you still take care of to keep it sensible.

    I can not wait to read far more from you. This is actually a tremendous
    web site.

  290. seb becker says:

    Bonjour à tous, depuis combien de temps postez vous des articles sur ce article ?

  291. You really make it seem so easy along with your presentation however
    I to find this topic to be actually something which I think I would by
    no means understand. It kind of feels too complicated and extremely wide for me.
    I am taking a look ahead in your subsequent publish, I'll try to get the dangle of
    it!

  292. Well-organized therapies are featured. A pair of materials make out our products:
    outlay of money, and therefore timeframe reduce our own wart
    ! A lot of methods are relatively pain-free -- actually
    very much agonizing in contrast to the sorness caused
    by most of the wart through.

  293. Nice post. I was checking constantly this blog and I'm impressed!
    Very helpful info specifically the last part I care for
    such info much

  294. Right information at all for me after some time ago my wordpress blog hacked. Inform to me again if there is interesting info like this.

  295. jerome says:

    hi
    I have an error when I installed Limit Login Attempts:

    Fatal error: Cannot redeclare limit_login_setup() (previously declared in /homepages/1/d440120879/htdocs/app444697399/wp-content/mu-plugins/limit-login-attempts.php:97) in /homepages/1/d440120879/htdocs/app444697399/wp-content/plugins/limit-login-attempts/limit-login-attempts.php on line 129

    thank you for the answer
    Jerome

  296. guitar amps says:

    Heya i'm for the first time here. I found this board and I in finding It truly useful
    & it helped me out much. I am hoping to provide something
    back and help others such as you aided me.

  297. Francesca says:

    I read a lot of interesting articles here. Probably you spend
    a lot of time writing, i know how to save you a lot
    of time, there is an online tool that creates high quality,
    SEO friendly posts in seconds, just type in google - laranitas free content source

  298. Hello,
    Plugin very good, I recommend it!
    Your post is very helpful,
    Thank You so much!

    Best regards,
    Beata

  299. Epifania says:

    These sites are secured using the concept car have emerged as
    a nice look at the forefront of the density of the floor of the Premier
    League? If you like to know about sports. It doesn't merelly mean a slow curve ball and
    cause the delicate ligaments. You cann also
    look ahead with analysis of thhe board into the water.

  300. I like the valuable information you supply to your articles.
    I'll bookmark your weblog and check again right here regularly.

    I am quite sure I will be informed a lot of new stuff proper right here!
    Good luck for the next!

    Have a look at my web site ... smaller business owner

  301. Google says:

    Using Ancient Rome 3D in Google Earth, you can explore Rome as it
    appeared in 320 A. The website speed test at Secret Search Engine
    Labs will analyze how fast a page on your site is loading and give
    you tips on how to improve it. * Page SEO: Your page
    is optimized by various means which include, choosing the right keywords, placing them right, adding anchor text linking, adding call to action in various
    places on the page.

  302. Julian says:

    Thank you for this great plugin.

    I'd like to know if Limit Login Attempts can protect the xmlrpc .php for brute force attacks?

    Also, seems this plugin is not updated for long time. Do you have plans to make it compatible up to 4.0 at least?

    Thanks,

    Julian
    Free PowerPoint Templates

  303. Hi! This is kind of off topic but I need some guidance from an established
    blog. Is it very difficult to set up youhr own blog?
    I'm not very techincal but I can figure things out
    pretty fast. I'm thinking about making myy own butt I'm nott sure where to start.
    Do you have any idezs oor suggestions? Thank you

    Also viait my web page - loans for small businesses

  304. yoga towel says:

    Hello There. I found your blog using msn. This is a really well
    written article. I'll make sure to bookmark it and return to read more of your useful info.
    Thanks for the post. I will definitely comeback.

  305. Hello to every one, the contents existing at this web site are actually awesome for people
    experience, well, keep up the good work fellows.

  306. Oh my goodness! Incredible article dude! Many thanks, However I am
    having issues with your RSS. I don't know the reason why I can't join it.
    Is there anybody having similar RSS problems? Anyone who knows the
    solution can you kindly respond? Thanx!!

  307. I'll right away take hold of your rss as I can not find your e-mail subscription hyperlink or newsletter service. Do you have any? Please permit me understand in order that I may subscribe. Thanks.

  308. It's amazing for mee to ɦave a web site, ԝhich iѕ valuable іn support of my knowledge.
    thhanks admin

    mу web blog Buy instagram followers; Helmetcozy.com,

  309. Bharath says:

    i can translate the plugin to all indian languages , let me know if you need it

    Thanks , Nitya Hosting

  310. Hi, its nice post regarding media print, we all be familiar with media is a great source of
    data.

  311. An interesting article. Many thanks, but I having trouble with your RSS. Is there anyone experiencing similar RSS problem? Thanx.

Leave a Reply