Limit Login Attempts Reloaded Software Docs
  • πŸ‘‹Welcome to Limit Login Attempts Reloaded
  • Introduction
    • πŸ’‘Overview
    • πŸ”Importance of Preventing Brute Force Attacks
  • Installation & Setup
    • πŸ’»System Requirements
    • ⬇️Installing The Plugin
    • ⚑Activating The Plugin
    • βš™οΈConfiguration Options
  • Plugin Settings
    • πŸ› οΈGeneral Settings
      • πŸ“Enabling/Disabling Plugin
      • πŸ“Setting Max Login Attempts
      • πŸ“Setting The Active App
      • πŸ“Setting Lockout Email Notifications
      • πŸ“Setting Display Options Within WP Dashboard
        • Displaying Left Menu Item
        • Hide Dashboard Widget
        • Showing Warning Badge
        • Displaying Top Menu Item
      • πŸ“GDPR Compliance
        • IP Data Handling
        • Displaying Privacy Terms
    • πŸ› οΈAdvanced Settings
      • πŸ“Safelist & Denylist
        • Block By Country
      • πŸ“Trusted IP Origins
      • πŸ“IP Logs
        • Active Lockouts Log
  • Managing Denied/Allowed Users
    • πŸ”‘Accessing List of Denied/Allowed Usernames & IPs
    • πŸ”Viewing Details of Denied Attempts
    • πŸ”‘Allowing Usernames & IPs
  • Notifications & Reporting
    • πŸ“¨Receiving Email Notifications
    • πŸ“ŠAnalyzing Login Attempts & Statistics
      • πŸ“Dashboard Statistics
      • πŸ“Reviewing IP Logs
    • ⬇️Exporting IP Data
  • Troubleshooting & Support
    • πŸ—ƒοΈCommon Issues & Resolutions
      • πŸ“Unlocking An Admin That Gets Locked Out
      • πŸ“Seeing Login Attempts After an IP Address Has Been Denied by IP Access Rules
    • πŸ“ŠFrequently Asked Questions (FAQ)
      • πŸ“How do I know if I'm under attack?
      • πŸ“How can I tell that the premium plugin is working?
      • πŸ“Could these failed login attempts be fake?
      • πŸ“What happens if my site exceeds the request limits in the plan?
      • πŸ“What do I do if all users get blocked?
      • πŸ“What URLs are being attacked and protected?
      • πŸ“How is LLAR better than other brute-force protection plugins?
      • πŸ“What do I do when an admin gets blocked?
    • πŸ›Debug Info
      • πŸ“Software Version
    • πŸ™β€β™€οΈContacting Support For Assistance
  • Best Practices for Enhanced Security
    • πŸ”’Using Strong Passwords
    • βœ…Implementing Additional Security Measures
    • ⬇️Regularly Updating WordPress and Plugins
  • Conclusion
    • πŸ“„Recap of The Benefits of "Limit Login Attempts Reloaded"
    • ⭐Encouragement To Provide Feedback and Reviews
Powered by GitBook
On this page

Was this helpful?

  1. Troubleshooting & Support
  2. Common Issues & Resolutions

Seeing Login Attempts After an IP Address Has Been Denied by IP Access Rules

It’s common to see blocked IP’s making login attempts. They are not a threat, and will fail.

To stop a malicious login attempt completely, users would need to filter all traffic that goes to their website before it hits the WordPress installation. This is only possible when users have an extra level of software called β€œreverse proxy”.

With reverse proxy, all requests to a website including login attempts first hit that proxy, and if the proxy is smart enough, it will deny the bad requests and allow the good ones. Then the good requests will hit the website.

There are 2 main problems with reverse proxies:

  1. They are usually not easy to implement and hiring a web developer is required. Users will have to give the developer access to their domain management console and/or their hosting account console. Also users will have to install additional WordPress plugins that will make their site compatible with the proxies.

  2. The most popular proxies are generic. They are not dedicated to WordPress exclusively, instead they try to cover all websites. Hence they have much less information to decide whether a request is bad or not, compared to more focused solutions like Limit Login Attempts Reloaded.

A typical WordPress installation doesn’t use a proxy and all requests will reach the website. At this point, the Limit Login Attempts Plugin comes into play. The plugin decides if a request is legit enough to at least let it try to log in, and if it’s not, it stops the attempt right away.

Since all requests get to the site, users see the login attempts in their log even after they denied the related IPs, usernames or countries. All of them will get denied.

There is no comprehensive way to stop the attempts completely without using an extra piece of software called β€œreverse proxy”, but using the Limit Login Attempts Reloaded plugin will deny the malicious attempts.

PreviousUnlocking An Admin That Gets Locked OutNextFrequently Asked Questions (FAQ)

Last updated 1 year ago

Was this helpful?

πŸ—ƒοΈ
πŸ“