Support » Plugin: Limit Login Attempts » Allows Too Many Login Attempts

  • Am running a website on GoDaddy Managed WordPress service. The Limit Login Attempts functionality is embedded by GoDaddy in the WP service (i.e. not a separate plugin).
    I have Limit Login set to:
    Allow 2 Retries
    5 Minutes Lockout
    2 Lockouts Increase Time to 1 Hour
    3 Hours until Retries Reset

    I also have a separate Activity Log plugin to record logins (and other activity). When I look at the Activity Log I see sets of multiple more than 3) failed login attempts from an IP, each attempt separated by approximately 1 second. I’ve seen stretches of as many as 27 attempts in 27 seconds. Why isn’t the plugin limiting the number of attempts to 3 per my settings and then locking out the IP?

    https://wordpress.org/plugins/limit-login-attempts/

Viewing 1 replies (of 1 total)
  • The Activity Log plugin is logging all login requests (HTTP POST requests sent to wp-login.php). The Limit Login Attempts plugin prevents WordPress from processing those attempts during the lockout but it can’t stop the server from receiving the HTTP requests.

    All the lockout requests are short-circuited during the wp_authenticate_user filter.

    • This reply was modified 10 months, 4 weeks ago by  Kaspars.
Viewing 1 replies (of 1 total)
  • The topic ‘Allows Too Many Login Attempts’ is closed to new replies.