Look for additional copies of the plugin in wp-content/plugins. Your host may have already set this up. You can also check your theme directory and wp-content/mu-plugins if it exists. Your site is not part of a multi-site network, is it? http://codex.wordpress.org/Create_A_Network
Thread Starter
Mike
(@iskon47)
Hi Kitchin,
Thanks for answering me! Since it was a fresh install I completely uninstalled WordPress and reinstalled it. I noticed that Limit Login Attempts was already in the settings after the fresh install so my guess is that the host we’re using for that site adds it in automatically.
What’s strange though is that I contacted support about it and they didn’t seem to know anything about it being pre-installed. However, that has to be why the plugin didn’t activate…because it was already active.
Would you know where to find it though? We’re not part of a multi-site network, it’s not in the plugins and I can’t locate it on my FTP. I don’t mind that it’s there because I love the plugin, I’m just curious.
Thanks!
That is odd. I guess you would see a symlink in FTP. You can get the file paths of all the plugins, say, by dropping this into your theme’s functions.php and then going to Dashboard / Plugins. (Note to others: only do this if you have FTP so you can fix it if it breaks.):
add_action('pre_current_active_plugins', 'my_pre_current_active_plugins');
function my_pre_current_active_plugins() {
print '<pre>';
print WP_PLUGIN_DIR . ":\n"; print_r(array_keys(get_plugins()));
print WPMU_PLUGIN_DIR . ":\n"; print_r(array_keys(get_mu_plugins()));
print WP_CONTENT_DIR . ":\n"; print_r(array_keys(get_dropins()));
print '</pre>';
}
Thread Starter
Mike
(@iskon47)
Gotcha, thanks!
Since you’ve been so helpful, mind if I ask you another question? I am noticing this on the account in question: “Current setting appears to be invalid. Please make sure it is correct. Further information can be found here”
“Here” links to the main plugin page we’re on right now. Any idea what that means?
Also, very strangely someone tried to log into the site with the exact admin username. The site is less than a week old and has nothing on it yet except a coming soon page so I’m also wondering if you have any idea how someone would know the exact (and quite unique) admin username.
Thanks!
It means change the radio button just above, concerning reverse proxy. For some reason the placement of the message is confusing, IIRC.
If your site is behind a reverse proxy then the incoming IP is always the same. So your lockout “allowed retries” count will apply to all visitors as a group. But there is another field storing the real I.P., usually, and the goal is to use that instead. Vice-versa, if your site is not behind a reverse proxy but you told LLA that it is, then that other field will probably be empty, again putting all visitors in one group.
Sometimes your hosting service changes and you have to change this setting. I think you also have to change it from the default when you first install LLA on a reverse proxy server. It makes a guess to help you decide but does not automatically change the setting.
Commonly reverse proxying is set up with Nginx to reduce the load on the server. Sort of like WP Super Cache, but at a lower level. At least one WordPress-only hosting company uses it.
I don’t know all the ways that usernames can be detected. I know hiding things with CSS is not enough! Remember there’s a whole /feed thing going out to. And probably other stuff. For example, https://wordpress.org/support/topic/wordpress-username-exposed although author=n doesn’t work with the themes I see.
