Support » Plugin: Limit Login Attempts Reloaded » Logging wrong IP address?

  • Resolved smartysmart34

    (@smartysmart34)


    Hello all,

    I have a site that is set up using nginx as gateway host. So the nginx gateway receives the external requests and – if it is related to WordPress, passes it on to 127.0.0.1:81.
    My issue is that since the last update – instead of logging the address specified in the header X-Forwarded-For, the plugin seems to trigger on the host address 127.0.0.1. But then, not only do ALL connections come from there, it also locks me out of the site regardles which network I connect from.

    Is this a known issue? Any suggestions what I might want to look for here?

    Thank you and kind regards,
    Martin

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Author 2by2host

    (@wpchefgadget)

    Hello Martin,

    The plugin doesn’t trust any IP addresses other than _SERVER[“REMOTE_ADDR”] anymore. Trusting other IP origins make protection useless b/c they can be easily faked.

    To handle your situation we recommend you to configure your server so it populates the _SERVER[“REMOTE_ADDR”] variable with the values from the X-Forwarded-For header and only if your trust those values.

Viewing 1 replies (of 1 total)
  • The topic ‘Logging wrong IP address?’ is closed to new replies.