Plugin Author
AITpro
(@aitpro)
Are you using any other Login Security plugins or login security features in other plugins? If so, then if both plugins or plugin features are using the same WordPress hooks – actions/filters then they will compete with each other and one will override the other or worse they will cancel each other out.
Not sure what you mean by slow down. We researched and tested limiting the amount of logins based on a time period and found that approach to be completely unnecessary. We instead created an account lockout based purely on failed login attempts. 3 failed attempts with a setting of lock out on 3 failed attempts no matter when those failed login attempts occur means the user account is locked out. Any further failed login attempts are not processed – no DB connection is made or allowed if the account is locked out – no website/Server resources used for failed login attempts when a user account is locked out. Login Processing is completely halted.
Plugin Author
AITpro
(@aitpro)
Also it is important to mention that we were able to overload and crash testing Servers (DoS/DDoS) by allowing additional login processing after a user account was locked out so it was a no-brainer as far as the best approach to take – do not allow processing or log anything unnecessarily that could use/waste website/Server resources and do not create the possibility for DoS/DDoS vulnerabilities.
Thread Starter
thob
(@thob)
I was using a login limiter before but none currently. Stil it should show me the attempt in the log, right?
