Comments on: Limit Login Attempts

By: Jeff

Jeff — Sat, 11 Feb 2012 05:42:02 +0000

Great plugin. I have to say I'm astounded at how hard some people are trying to get into our site. I set it so that 1 lockout sets the lockout time to 24 hours. Yet there is one IP that has been locked out 9 times since I installed the plugin 2 weeks ago! The email notification is great. Thanks!

By: ben

ben — Sat, 04 Feb 2012 02:04:13 +0000

Can you tell me how to unlock a user if the are accidentally blocked. How, as an Admin, do I do that -- is it as simple as clearing the log or do I have to go into the DB somehow?

By: Marcus

Marcus — Mon, 23 Jan 2012 11:45:20 +0000

Hey Johan, any news as to when you'll include the dates in the logout log?

By: MisterE

MisterE — Fri, 13 Jan 2012 22:06:14 +0000

another feature request. Like to have a whitelist feature for users. This is handy for creating a second admin account which can always unlock.

By: Regina

Regina — Thu, 12 Jan 2012 02:04:05 +0000

Thanks for a great plugin. A Russian IP is trying to get into a blog I manage. I'm glad I was able to block them.

By: MisterE

MisterE — Tue, 10 Jan 2012 20:43:37 +0000

I use this plugin in combination with "login logger". I notice that when a user is locked every attempt is still logged by "login logger". I'm worried it flood my server db. Is it possible to add a feature to stop processing other plugins when locked? (i don't know what a hacker uses to bruteforce. But do theire scripts see the "locked" status?)

By: scott4design

scott4design — Fri, 14 Oct 2011 23:15:55 +0000

Right on... thanks for answering. Annoying is right. I read an article about recommended security for wordpress and your widget was on the list. When I loaded it I saw things that I did not know were going on... I have seriously beefed up security.

Thanks for writing this, its cool.

Cheers

By: Johan Eenfeldt

Johan Eenfeldt — Thu, 13 Oct 2011 07:40:01 +0000

If you only allow login from admin-type users you can tighten the plugin settings somewhat, but default settings are safe as long as you have decent passwords.

With a strong passwords it would take millions of years to brute-force crack, even with multiple IP trying. Still annoying though.

I recommend 12+ random character passwords and preferably a password manager.

By: scott4design

scott4design — Thu, 13 Oct 2011 02:44:12 +0000

On my most popular site I used your login and it opened my eyes to stuff going on I had never noticed before. Thanks...

Is there a tool in your plugin to help with something like this? Or any recommendation?

Lockout log

IP Tried to log in as
213.251.189.201 justin82 (3 lockouts)
67.228.21.218 justin82 (2 lockouts)
62.75.244.128 justin82 (6 lockouts)
74.53.173.146 justin82 (6 lockouts)
200.0.176.43 justin82 (4 lockouts)
208.69.122.25 justin82 (4 lockouts)
193.202.110.175 justin82 (4 lockouts) ... and it continues

By: Johan Eenfeldt

Johan Eenfeldt — Mon, 10 Oct 2011 08:38:49 +0000

Once the plugin is activated there should be an option page under the "Settings" menu.

Something like:
http:///wp-admin/options-general.php?page=limit-login-attempts

Nothing is shown on the dashboard page right now.