If you are using contemporary hosting, it’s likely your site uses a proxy domain service like Cloudflare, Sucuri, Nginx, etc. They replace your user’s IP address with their own. If the server where your site runs is not configured properly (this happens a lot), all users will get the same IP address. This also applies to bots and hackers. Therefore, locking one user out will lead to locking everybody else out. In the free version of the plugin, this can be adjusted using the Trusted IP Origin setting. In the premium version, the cloud service intelligently recognizes the non-standard IP origins and handles them correctly, even if your hosting provider does not.
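The shared-IP lockout described above, as an added example (not the plugin's own code): failed logins are counted once against the TCP peer and once against a forwarded client address that is honoured only when the peer is a known proxy. The proxy range, the threshold, the function names and the sample requests are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed proxy range for the example (documentation address space).
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]
MAX_RETRIES = 3  # hypothetical lockout threshold


def is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, forwarded_for=None):
    """Return the address that failed logins should be counted against."""
    # Honour the header only when the TCP peer is a known proxy; otherwise
    # any client could forge it to dodge or misdirect lockouts.
    if not forwarded_for or not is_trusted_proxy(peer_addr):
        return peer_addr
    # Walk right to left: the rightmost entries were appended by our own
    # proxies, so the first untrusted hop is the real client.
    for hop in reversed([h.strip() for h in forwarded_for.split(",")]):
        try:
            if not is_trusted_proxy(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer_addr  # malformed header: fall back to the peer
    return peer_addr


def locked_out(requests, resolve):
    """Count failed logins per resolved address; return the locked set."""
    failures = Counter(resolve(peer, xff) for peer, xff in requests)
    return {ip for ip, n in failures.items() if n >= MAX_RETRIES}


# Constructed failed logins: (TCP peer, X-Forwarded-For header).
# One bot (203.0.113.7) and one legitimate user (192.0.2.10) behind proxies.
FAILED_LOGINS = [
    ("198.51.100.5", "203.0.113.7"),
    ("198.51.100.5", "203.0.113.7"),
    ("198.51.100.6", "203.0.113.7"),
    ("198.51.100.5", "192.0.2.10"),
]

# Misconfigured: the proxy itself is locked, taking every visitor with it.
naive = locked_out(FAILED_LOGINS, lambda peer, xff: peer)
# Corrected: only the bot's address crosses the threshold.
fixed = locked_out(FAILED_LOGINS, client_ip)
```

In the misconfigured run the locked address is the proxy's own, so the legitimate user with a single failed attempt is blocked along with the bot.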
No, our plugin does not attack sites. You can read more on fake login attempts here. We follow all rules required by WordPress plugin development terms. Also the plugin is open-source and being regularly inspected.
Open the site from another IP. You can do this from your cell phone, or use the Opera browser and enable its free VPN. You can also try turning off your router for a few minutes and then see if you get a different IP address. These will work if your hosting server is configured correctly. If that doesn’t work, connect to the site using FTP or your hosting control panel file manager. Navigate to wp-content/plugins/ and rename the limit-login-attempts-reloaded folder. Log in to the site, then rename that folder back and whitelist your IP. By upgrading to our premium app, you will have the unlocking functionality right from the cloud so you’ll never have to deal with this issue.
It’s not uncommon for GoDaddy hosting customers to contact us because they are not familiar with our plugin, nor do they visually see it installed on their WordPress admin dashboard. Yet, they still receive failed login alerts by the plugin. We created an article here to help you figure out if the plugin is installed on your website.
You can turn these emails off in the plugin settings within the WordPress Dashboard.
Yes. On the free version, you will need to copy and paste the lists to each site, which is not very efficient. For the premium service, sites are grouped within the same private cloud account. Each site within that group can be configured if it shares its lockouts and access lists with other group members. The setting is located in the plugin’s interface. The default options are recommended.
Deny rules are also commonly known as the “black list” of IP addresses you don’t want to have access to your login page. Users will often add IPs or ranges of IPs that are identified as malicious from their lockout logs.
The premium service is built on Amazon Web Services infrastructure using high-speed serverless technology. We store the data in DynamoDB, process it via Lambda functions and communicate it through the API Gateway. These solutions are top of the line, incredibly fast, secure and scalable right out of the box.
The settings are explained within the plugin in great detail. If you are unsure, use the default settings as they are the recommended ones.
Yes.
We understand it might seem that login attempts are fake because there are so many of them. We recommend reading this article for more details.
Most websites are hosted on a shared IP address. What this means is that your website and several others share the same space on a server, and it’s likely that those sites are experiencing brute force attacks already. When a new site is created on a shared IP address, the brute force bots can immediately detect it and start attacking. When a new domain is created, it is logged in the WHOIS database, which is accessible to the public. Hackers often will crawl this database for new targets.
This is normal for many users. This means that there has been existing bot behavior on your account.
It’s important to initially name your admin user something other than admin or administrator and never post anything from that account. For posting, only use accounts with editor or contributor permissions. The bots parse your site looking for usernames and then use them to attack your login page. Often the usernames are exposed in page URLs.
Please read this article for a detailed answer.
Most likely your web hosting provider has some misconfiguration in their web servers. Ask them to investigate and make adjustments to the server.
When a severe brute force attack occurs, thousands of IPs ping your website putting a strain on system resources. As a result, your website might run slower.
Most likely your IP address got changed since most of the IP addresses given to clients by their ISPs are dynamic. Please contact your hosting administrator for assistance.
You also need to make sure the new login URL is not exposed anywhere on your site, as attacking bots can parse the pages and find the updated URLs. There’s also another login page called xmlrpc.php that brute force attack scripts target. You need to disable it if you are not using it. There are some plugins that will do this for you. The premium version of LLAR does that as well.
This is because you are probably looking at the global stats for our entire network. Please read each graph carefully.
LLAR is not sending attack emails. These are sent via the plugin that is installed on your website.
LLAR (the company) does not know your website or email. The plugin does not send any data back to us unless you subscribe to premium. Any emails you receive from LLAR are generated from the plugin installed on your website.
They scrape it from your posts. That’s why it’s important to initially rename your admin account and never use it for posting.
Yes, but it’s possible they might conflict with each other. Make sure to test both plugins after installing to ensure all features work properly.
The URLs being protected are your login page (wp-login.php, wp-admin), xmlrpc.php, WooCommerce login page, and any custom login page you have that uses regular WordPress login hooks.