maybe you can try to hook into lwa_ajax_login filter and add your custom code to check or limit login attempts
given it’s such a popular plugin we’ll have a look and see if there’s something we can do to make them work together, but bear with us it may take a few weeks at least.
Hi Marcus, OK let me know if you need more info. I will help with testing, if you want.
Angelo, Thank you for your hint!
Hi.
I just installed this. Looks great! I tried installing the Goodbye Captcha that is stated to work well with this plugin. I am building a multisite. It is stated this plugin works for multisite (and does great!). Yet, the Goodbye Captcha does not show up on site dashboards though Network Activated.
Just a concern about brute force attacks. And letting you know that for me… I cannot get the Goodbye Captcha to work on my multisite in case you’d like to know and to see if other multisites have the same issue… for reference in your docs.
Thanks!
Does Goodbye Captcha appear across all sites when Login With Ajax is deactivated?
Hey @steffend,
Sorry for the super long delay!
I was just testing this out to sort it out before an update, but for me, Limit Login Attempts works fine with LWA, both on normal sites and MultiSite.
Failed logins lower the ‘x attempts remaining’ string in wp-admin.
There is one occasion where it doesn’t ‘work’ and that’s if you’re trying to log in on a subsite which doesn’t have LLA active. You’d probably want to network activate that kind of plugin.
However, I would add that LLA is somewhat defunct as a serious security measure these days. Why? Because it doesn’t stop network brute force attempts, the attacker just changes IP addresses whenever it runs out of attempts.
JetPack has this sort protection, and also iThemes security (which I use/recommend).
