Limit Login Attempts Reloaded / Login

  • first release
    2016-08-03
  • last updated
    2020-09-08
  • current version
    2.15.2
  • requires WP version
    3.0
  • tested up to
    5.5.1
  • download count
    7 237 931
  • rating total
    394
98
%
394 users
5 stars
4 stars
3 stars
2 stars
1 star
limit-login-attempts-reloaded-banner-772×250.jpg
Changelog

2.15.2

  • Alternative method of closing the feedback message.

2.15.1

  • Refactoring.

2.15.0

  • Reset password feature has been removed as unwanted.
  • Small refactoring.

2.14.0

  • BuddyPress login error compatibility implemented.
  • UltimateMember compatibility implemented.
  • A PHP warning fixed.

2.13.0

  • Fixed incompatibility with PHP < 5.6.
  • Settings page layout refactored.

2.12.3

  • The feedback message is shown for admins only now, and it can also be closed even if the site has issues with AJAX.

2.12.2

  • Fixed the feedback message not being shown, again.

2.12.1

  • Fixed the feedback message not being shown.

2.12.0

  • Small refactoring.
  • get_message() – fixed error notices.
  • This is the first time we are asking you for a feedback.

2.11.0

  • Blacklisted usernames can’t be registered anymore.

2.10.1

  • Fixed: GDPR compliance option could not be selected on the multisite installations.

2.10.0

  • Debug information has been added for better support.

2.9.0

  • Trusted IP origins option has been added.

2.8.1

  • Extra lockout options are back.

2.8.0

  • The plugin doesn’t trust any IP addresses other than _SERVER[“REMOTE_ADDR”] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER[“REMOTE_ADDR”] with wrong IPs which leads to mass blocking of users.

2.7.4

  • The lockout alerts can be sent to a configurable email address now.

2.7.3

  • Settings page is moved back to “Settings”.

2.7.2

  • Settings are moved to a separate page.
  • Fixed: login error message. https://wordpress.org/support/topic/how-to-change-login-error-message/

2.7.1

  • A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.

2.7.0

  • GDPR compliance implemented.

  • Fixed: ip_in_range() loop $ip overrides itself causing invalid results.
    https://wordpress.org/support/topic/ip_in_range-loop-ip-overrides-itself-causing-invalid-results/

  • Fixed: the plugin was locking out the same IP address multiple times, each with a different port.
    https://wordpress.org/support/topic/same-ip-different-port/

2.6.3

  • Added support of Sucuri Website Firewall.

2.6.2

  • Fixed the issue with backslashes in usernames.

2.6.1

  • Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.

  • Added support of IP ranges in white/black lists.

  • Lockouts now can be released selectively.

  • Fixed the issue with encoding of special symbols in email notifications.

2.5.0

  • Added Multi-site Compatibility and additional MU settings. https://wordpress.org/support/topic/multisite-compatibility-47/

2.4.0

  • Usernames and IP addresses can be white-listed and black-listed now. https://wordpress.org/support/topic/banning-specific-usernames/ https://wordpress.org/support/topic/good-831/
  • The lockouts log has been inversed. https://wordpress.org/support/topic/inverse-log/

2.3.0

  • IP addresses can be white-listed now. https://wordpress.org/support/topic/legal-user/
  • A “Gateway” column is added to the lockouts log. It shows what endpoint an attacker was blocked from. https://wordpress.org/support/topic/xmlrpc-7/
  • The “Undefined index: client_type” error is fixed. https://wordpress.org/support/topic/php-notice-when-updating-settings-page/

2.2.0

  • Removed the “Handle cookie login” setting as they are now obsolete.
  • Added bruteforce protection against Woocommerce login page attacks. https://wordpress.org/support/topic/how-to-integrate-with-woocommerce-2/
  • Added bruteforce protection against XMLRPC attacks. https://wordpress.org/support/topic/xmlrpc-7/

2.1.0

  • The site connection settings are now applied automatically and therefore have been removed from the admin interface.
  • Now compatible with PHP 5.2 to support some older WP installations.

2.0.0

  • fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
  • fixed the deprecated functions issue
    https://wordpress.org/support/topic/using-deprecated-function
  • Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
  • added time stamp to unsuccessful tries on the plugin configuration page.
  • fixed .po translation files issue.
  • code refactoring and optimization.
Download different versions
Screenshot gallery
limit-login-attempts-reloaded-screenshot-1.png limit-login-attempts-reloaded-screenshot-2.png limit-login-attempts-reloaded-screenshot-3.png