Am running a website on GoDaddy Managed WordPress service. The Limit Login Attempts functionality is embedded by GoDaddy in the WP service (i.e. not a separate plugin).
I have Limit Login set to:
Allow 2 Retries
5 Minutes Lockout
2 Lockouts Increase Time to 1 Hour
3 Hours until Retries Reset
I also have a separate Activity Log plugin to record logins (and other activity). When I look at the Activity Log I see sets of multiple more than 3) failed login attempts from an IP, each attempt separated by approximately 1 second. I’ve seen stretches of as many as 27 attempts in 27 seconds. Why isn’t the plugin limiting the number of attempts to 3 per my settings and then locking out the IP?
- You must be logged in to reply to this topic.