WPChef
Forum Replies Created
-
Let us know if you have any caching plugin installed. Also, can you share information from the debug page of the plugin?
Hi Rob,
Thank you for your feedback. We appreciate you taking the time to share your concerns.
Limit Login Attempts Reloaded offers both a free and premium version, each designed to enhance WordPress security in different ways. The free version stores logs locally on your site, allowing you to monitor and control failed login attempts without external storage. The premium version, however, includes advanced security features such as real-time IP monitoring, enhanced bot protection, block by country, automated IP blocklisting, login logs, and much more —these require cloud-based logging to function effectively.
Storing logs in the cloud is a crucial security measure because it allows for centralized threat detection and proactive blocking of malicious IPs across our entire network of 50k+ websites. This approach helps prevent large-scale attacks, improves response times against emerging threats, and ensures that logs remain secure even if an attacker gains access to a website’s local storage.You can download your IP data at any time from our billing portal.
That said, we understand that cloud storage isn’t the preferred option for everyone. If you’d like to continue using the free version with local logging, that remains available, and you’re not required to upgrade. If there’s any specific concern we can address regarding cloud storage, we’d love to discuss it further.
We appreciate your past support and hope to find a way to continue providing you with the best security solutions. Let us know if you have any questions!
Best,
LLAR TeamThank you for you feedback. We agree this part of the plugin can be streamlined better. We’ll add this project to our roadmap.
The plugin only accepts integer numbers for its settings, 0.02 might not work as intended.
If you have issues (temporary or ongoing) with file permissions, the mentioned file might not have updated, while the other ones have. This is one way the file got outdated. Another way could be during its update there was a glitch (network related, server overloaded, out of disk space etc) and the bottom part of the file got lost (got written incompletely to the file). You can try to delete the plugin, install it again and check if the file is complete after that. If it is, you should see the error.
Are you saying you don’t have a wp_locale() function in the \core\Helpers.php file? B/c if you download the plugin, you’ll notice that the function is there. Is it possible that your file got corrupted or the end got cut off? Or it hasn’t updated for a while and you used the old version of the file?
Hi Paoloeuvard,
Thank you for sharing your feedback, and I’m truly sorry to hear about the frustration you experienced with Limit Login Attempts Reloaded. We can understand how overwhelming a high volume of email notifications can be and the impact it had on your workflow and website management.
Here are a few steps and solutions that might help address the issues you encountered:
- Adjusting Notification Settings:
To prevent your inbox from being overwhelmed, you may turn off email notifications in the plugin settings. This way, you can reduce the frequency of alerts or disable them altogether while still keeping your site secure. - False Positives and Fine-Tuning:
A high number of detections may sometimes be attributed to aggressive bots or even settings within your hosting provider that generate false positives. You can adjust the thresholds for login attempts and lockout periods in the plugin settings to better suit your website’s activity. We’ve created a blog to help our users better understand “fake” login attempts – https://www.limitloginattempts.com/blogs/could-these-failed-login-attempts-be-fake/. - Support for Unique Scenarios:
We would love to investigate why the plugin detected such a high volume of activity and help ensure your site has correct settings. If you’re open to it, please reach out to our support team directly at [email protected] so we can look into this for you.
We’re sorry to see you go, but we’re committed to learning from your experience to improve Limit Login Attempts Reloaded. If there’s anything we can do to regain your trust or assist further, please don’t hesitate to let us know. Wishing you the best with your website security going forward,
LLAR TeamOur dev team will try to reproduce the issue and fix it if it’s confirmed.
We believe this article would have been helpful to you: https://www.limitloginattempts.com/blogs/could-these-failed-login-attempts-be-fake/ and yes, there’s an easy way to turn the notifications off.
The IPs are temporarily stored in a private paid Amazon Cloud. They are not associated with people. Amazon follows the following data security standards: https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/data-protection.html and here: https://aws.amazon.com/compliance/
Let me clarify how Limit Login Attempts Reloaded operates and address your concerns.
LLAR is designed to limit repeated login attempts from a single IP address by blocking further attempts once the limit is reached. However, there are factors to consider:
Hackers and bots often use dynamic IP addresses or networks of compromised devices (botnets), making it seem like attacks are not being blocked. While LLAR blocks login attempts from specific IPs after they exceed the threshold, new IPs within the network can continue trying.
Unlike some plugins that might hide or aggregate data on login attempts, LLAR displays all failed attempts—even those from blocked IPs. This transparency helps site admins monitor activity and detect patterns that might affect site performance, such as an unusually high volume of login traffic.
A high number of login attempts, even if blocked, can still strain server resources. That’s why LLAR alerts you to the activity—it’s an opportunity to consider additional protections, such as firewalls or CDN services, to mitigate potential performance issues.
Our premium version integrates a real-time database of millions of known malicious IP addresses. This feature proactively identifies and blocks threats based on global attack patterns, offering a level of protection beyond what standard plugins provide.
To better understand what happened in your case, I recommend reviewing your raw access logs. These logs can reveal the exact nature of incoming login traffic and confirm whether blocked IPs are continuing attempts or if new IPs are initiating attacks.
While Wordfence is a great tool, it operates differently. LLAR’s focus is on login-specific security, providing detailed visibility into login attempts while offering advanced, database-backed protection in its premium version. For comprehensive security, many users pair LLAR with broader security solutions to cover all aspects of site protection.
We are happy to research further if you wish to do so.
We’ll discuss this with our dev team and might potentially implement it.
Do you use a custom login page? Can you provide more details on it?
Also, the LLAR plugin counts the number of lockouts which is made of the number of attempts.This issue is related to incorrect file permissions on the server where your website is hosted. Please ask your hosting provider to fix that – it’s a regular PHP-related setup and not controlled by the plugin.
Hi Raullanza,
Thank you for taking the time to share your feedback. We take your concerns seriously and want to address them directly.
This particular question has come up in our support forum, and we’ve created an article to explain it further: https://www.limitloginattempts.com/blogs/guides/could-these-failed-login-attempts-be-fake/
To clarify, we do not, under any circumstances, share backend information or generate attacks. Our free version doesn’t even provide us access to your IP data, as it operates entirely on your local database. The increased visibility of attacks through our plugin simply reflects the ongoing threats that websites face daily, rather than any action initiated by us.
For users with a higher risk profile, we offer premium tools designed to provide additional protection. However, the decision to upgrade is entirely up to you.
Thank you for trusting us to assist in keeping your website secure. If you have further questions or concerns, please don’t hesitate to reach out.
-LLAR Team
- Adjusting Notification Settings: