WordPress.org

Ready to get started?Download WordPress

Forums

Limit Login Attempts
Problems with this plugin (3 posts)

  1. tomdkat
    Member
    Posted 1 year ago #

    At first, I thought the plugin was great until I ran into these problems:

    1) I was told there were too many login attempts from my computer when I have NEVER entered an invalid password when logging in to my WordPress installation. So, I had to wait 20 mins before I could login to my own WordPress dashboard.

    2) Despite there being SEVERAL IP addresses logged with failed login attempts, the administrator e-mail account was NOT sent any messages so I had no clue the plugin was doing anything other than logging lockouts.

    I'm not sure how this plugin gets the administrator account's e-mail address to dispatch notifications but it didn't work in my WordPress installation.

    Problem #1 is a deal breaker for me. If I'm blocked from logging in to my own WordPress installation due to a failed login attempt I never made, I can't continue using the tool.

    http://wordpress.org/extend/plugins/limit-login-attempts/

  2. Andrew Bartel
    Member
    Posted 1 year ago #

    I use this plugin on several production environments and I've never had any issue with it whatsoever. It's not marked as a favorite because it's buggy.

    1) I've never encountered this. You can just reset the plugin file if you have to access it immediately anyway. Was your ip on the log list? Could be someone else on it, same office maybe?

    2) Mail issues are rarely related to WordPress, trust me I've debugged many. Consider using a service like postmark for transactional (non-mailing list) emails. They even have a WordPress plugin.

  3. tomdkat
    Member
    Posted 1 year ago #

    My IP was shown on the list of failed logins are reported by the "Simple Login Log" plugin I use. However, ALL of the "failed logins" were from my attempts to login during the 20 min "countdown". I had logged in to the same WordPress installation about a week ago with no problems then "suddenly", I'm told I have to wait 20 mins due to too many login attempts. I'm a home user with no one else using my system or my network and I'm not running Windows as my primary platform.

    After the 20 mins expired, I was able to login just fine and poke around and see a list of IPs with lockouts, one of which was mine. However, I had NEVER had a login problem from this IP address, so something's wrong.

    With regard to issue number two, I'm thinking it's how the plugin tries to get the administrator e-mail address for notification. Which address does it use if more than one administrator is defined? Which address does it use if there is not an administrator account with the default account name?

    When I was finally able to login, I noticed the plugin recorded at least 10 different IPs with lockouts. NONE of them had a login id listed, most had 1 lockout recorded (as did my IP address), and a few had more than one lockout recorded.

    Since uninstalling this, I've switched to the "Login Security Solutions" plugin and there I was able to specify an e-mail address to use for notifications. We'll see how that works out.

    If the plugin author gets some of the outstanding issues with this plugin fixed, I would give it another try. Speaking of the plugin author, they seem to be "MIA". :)

    Thanks!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.