Plugin Author
AITpro
(@aitpro)
http://forum.ait-pro.com/forums/topic/limit-login-attempts/
I’m surprised that this Forum Topic had not already been posted so I have created this Forum Topic for future reference. Both plugins can be used together without any conflicts. Limit Login Attempts will override BPS Login Security, but other BPS Login Security options will still work normally. Personally we obviously only use BPS Login Security so whatever you decide to do is up to you/personal preference.
Test Results: Limit Login Attempts and BulletProof Security
When 2 plugins or plugin features are doing the same or a very similar task/function and (most likely) using the same WordPress Hooks – Actions and Filters, then one plugin will typically override the other plugin. Which plugin would override the other plugin would depend on how, where and when WordPress Hooks are called and the methods used to call those Hooks.
Limit Login Attempts overrides BulletProof Security Login security and will be used instead of BPS Login security when both plugins are activated and Login Security is enabled in both plugins.
The BulletProof Security Log All Account Logins logging option/feature still works normally and will log all account logins. Email notifications based on the Log All Account Logins option/functionality will be sent. Displayed alerts and email notifications based on BPS standard Login Security options/features will not be processed if Limit Login Attempts Login Security is turned on.
Thanks very much for the speedy reply! After looking through the various posts and threads I was surprised that no one else brought this up as well.
I try to keep plugins to a minimum for security and maintenance reasons so I’ll have to do some more research. I’m not sure what if any benefits are gained by having both BPS and Limit Login Attempts installed. If BPS will do everything LLA will do I’d rather go with a single solution.
I installed BPS on one site and so far it looks like it’s doing a good job. I haven’t run into any downsides. If things continue to go well I’ll plan on purchasing the pro version.
Thanks again and keep up the great work!
Plugin Author
AITpro
(@aitpro)
One feature about Limit Login Attempts that we like is the displayed message with the amount of login attempts remaining. ie 3 login attempts remaining, 2 login attempts remaining, etc. so we will add this displayed message. The logic is that since 99.99% of all Brute Force Login attacks are done by auto-posting Bots then displaying how many login attempts are remaining is a nice convenience feature that has no relevance to security in any way. Thanks.
Excellent! Do you believe that is the only feature that BPS is currently missing with respect to BPS and Limit Login Attempts? If so that would be terrific. LLA is a fine plugin, but again, if there’s no need for duplication simply using BPS would be the way I would like to go.
Thanks again for the terrific support!
Plugin Author
AITpro
(@aitpro)
BPS Login Security has additional things that LLA does not have, but as far as Login Security goes they do the same thing.
Great to know! If my BPS trial run continues to be problem-free…no reason to believe that it won’t…I’ll uninstall Limited Login Attempts and go with BPS Pro for all of my sites.
Thank you again for the timely replies and support, it’s truly appreciated.
Best wishes!
@richadams
Four months later: did you uninstall LLA?
@newoceans – Actually the answer is yes and no. Right now I have both LLA and BPS running on one site. Although the devs recommended that only BPS be used, there doesn’t seem to be any conflicts and both seem to be working okay.
The site in question came under a very heavy attack recently, running LLA numbers up past 2,000 in one day. To reduce the load on the server I renamed the WP Login file so that it wasnt apparent that it was a WP site. The file name reverted back to normal when it updated to WP v4.0. The attacks are not as heavy now, but LLA still shows as many as 100/day and BPS shows about the same number, close to 1,000 in a couple of weeks.
Since that particular site was hacked once (via an old template vulnerability) I suspect its on some bad guy’s lists. Being that it’s so “popular” with the bots but hasn’t been hacked since that first time last year I’m hesitant to remove LLA. More superstition than anything I suppose…but if it ain’t broke…
Hope that helps!
Thnx for the update, mate!
And indeed, better double check with two great plugins that work nice together, than being surprised by hacked site.
Cheers,
Marc
I’m using BPS security plugin and also enabled the Login Security option. I’m unable to see attempts messages i.e 3 login attempts remaining, 2 login attempts remaining, etc. However, I’m getting security alert emails and logs but only the login attempt functionality is not working.
Is it normal or anything I missed during setup? I’m not using any other security plugin.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
