Descripció
Limit the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages.
WordPress by default allows unlimited login attempts. This can lead to passwords being easily cracked via brute-force.
Limit Login Attempts Reloaded blocks an Internet address (IP) from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.
Limit Login Attempts Reloaded Cloud App
Enables cloud protection app for Limit Login Attempts Reloaded plugin. It comes with all the great features you’ll need to stop hackers and bots from brute-force attacks. The cloud app offers several features including advanced protection out of the box, and the ability for site admins and agencies to sync allow/deny/pass lists across multiple domains. Click here to activate the cloud app for the best WordPress security plugin now!
Funcionalitats:
- Limita el número de reintents en iniciar sessió (per IP). Això és completament personalitzable.
- Informa a l’usuari sobre els intents restants o el temps de bloqueig a la pàgina d’inici de sessió.
- Logging and optional email notification.
- It is possible to allow/deny IPs and Usernames.
- Compatible amb Sucuri Website Firewall.
- Protecció de la porta d’enllaç XMLRPC.
- Protecció de la pàgina d’inici de sessió de Woocommerce.
- Compatible amb multilloc amb ajustos addicionals.
- GDPR compliant.
- Suport per a orígens d’IP personalitzats (Cloudfare, Sucuri, etc)
Features (Cloud app):
- Outsource the site load – All calculations and database queries are done in the cloud
- Throttling – Longer lockout intervals each time a hacker/bot tries to login unsuccessfully
- Auto backups of all data
- Autofix diverse origin IPs (e.g. Cloudflare) – Securely trust certain popular IP origins out of the box
- Synced lockout & deny/pass lists check – Lockouts can be shared between sites of the same admin
- Synchronized allow/deny/pass lists – Allow/Deny/Pass lists can be shared between sites of the same admin
- Premium forum support – Get answers within 1-2 business days.
- Enhanced lockout logs – A log of lockouts with extra features
Upgrading from the old Limit Login Attempts plugin?
- Vés a la secció d’extensions de l’àrea d’administració de la teva web.
- Elimina l’extensió Limit Login Attempts.
- Instal·la l’extensió Limit Login Attempts Reloaded.
La teva configuració romandrà intacta!
Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.
Help us bring Limit Login Attempts Reloaded to even more countries.
Traduccions: búlgar, portuguès brasiler, català, xinès (tradicional), txec, holandès, finès, francès, alemany, hongarès, noruec, persa, romanès, rus, espanyol, suec, turc
L’extensió només fa servir accions i filtres estàndard.
Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.
Branding Guidelines
Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.
* Limit Login Attempts Reloaded (correct)
* Limit Login Attempts (incorrect)
Captures
Pantalla d'inici de sessió després d'un inici de sessió fallit amb reintents restants 
Pantalla d'inici de sessió bloquejada 
Interfície d'administració a WordPress 5.2.1
PMF
-
What do I do if all users get blocked?
-
If you are using contemporary hosting, it’s likely your site uses a proxy domain service like CloudFlare, Sucuri, Nginx, etc. They replace your user’s IP address with their own. If the server where your site runs is not configured properly (this happens a lot) all users will get the same IP address. This also applies to bots and hackers. Therefore, locking one user will lead to locking everybody else out. If the plugin is not using our Cloud App, this can be adjusted using the Trusted IP Origin setting. The cloud service intelligently recognizes the non-standard IP origins and handles them correctly, even if your hosting provider does not.
-
What settings should I use In The Plugin?
-
The settings are explained within the plugin in great detail. If you are unsure, use the default settings as they are the recommended ones.
-
Can I share the allow/deny/pass lists throughout all of my sites?
-
By default, you will need to copy and paste the lists to each site manually. For the premium service, sites are grouped within the same private cloud account. Each site within that group can be configured if it shares its lockouts and access lists with other group members. The setting is located in the plugin’s interface. The default options are recommended.
-
Where can I find answers to my Cloud App related questions?
-
Please follow this link: https://www.limitloginattempts.com/resources/
Ressenyes
Col·laboradors i desenvolupadors
"Limit Login Attempts Reloaded" és programari de codi obert. La següent gent ha contribuït en aquesta extensió.
Contribuïdors
“Limit Login Attempts Reloaded” s'ha traduït a 22 localitzacions. Gràcies als traductos per les seves aportacions.
Tradueix “Limit Login Attempts Reloaded” a la teva llengua.
Interessats en el desenvolupament?
Navegueu pel codi, baixeu-vos el repositori SVN, o subscriviu-vos al registre de desenvolupament per fisl de subscripció RSS.
Registre de canvis
2.16.0
- Custom Apps functionality implemented. More details: https://limitloginattempts.com/app/
2.15.2
- Alternative method of closing the feedback message.
2.15.1
- Refactoring.
2.15.0
- Reset password feature has been removed as unwanted.
- Small refactoring.
2.14.0
- BuddyPress login error compatibility implemented.
- UltimateMember compatibility implemented.
- A PHP warning fixed.
2.13.0
- Fixed incompatibility with PHP < 5.6.
- Settings page layout refactored.
2.12.3
- The feedback message is shown for admins only now, and it can also be closed even if the site has issues with AJAX.
2.12.2
- Fixed the feedback message not being shown, again.
2.12.1
- Fixed the feedback message not being shown.
2.12.0
- Small refactoring.
- get_message() – fixed error notices.
- This is the first time we are asking you for a feedback.
2.11.0
- Blacklisted usernames can’t be registered anymore.
2.10.1
- Fixed: GDPR compliance option could not be selected on the multisite installations.
2.10.0
- S’ha afegit informació sobre depuració per a un millor suport.
2.9.0
- S’ha afegit l’opció «orígens d’IP de confiança»
2.8.1
- Les opcions de bloqueig extra han tornat.
2.8.0
- L’extensió ja no confia en altres adreces a part de _SERVER[“REMOTE_ADDR”]. Confiar en d’altres adreces d’origen fa les proteccions inútils perquè poden ser falsejades fàcilment. Aquesta nova versió proporciona una forma per desbloquejar IPs per els llocs que fan servir un proxy invers junt amb servidors mal configurats i que omplen _SERVER[“REMOTE_ADDR”] amb adreces incorrectes que provoquen bloqueig massius d’usuaris.
2.7.4
- Ara les alertes de bloqueig es poden enviar a una adreça de correu configurable.
2.7.3
- Els paràmetres tornen a la pàgina de “Paràmetres”.
2.7.2
- Els paràmetres es mouen a una altra pàgina.
- Corregit: missatge d’error d’inici de sessió. https://wordpress.org/support/topic/how-to-change-login-error-message/
2.7.1
- A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.
2.7.0
-
GDPR compliance implemented.
-
Fixed: ip_in_range() loop $ip overrides itself causing invalid results.
https://wordpress.org/support/topic/ip_in_range-loop-ip-overrides-itself-causing-invalid-results/ -
Fixed: the plugin was locking out the same IP address multiple times, each with a different port.
https://wordpress.org/support/topic/same-ip-different-port/
2.6.3
- Added support of Sucuri Website Firewall.
2.6.2
- Fixed the issue with backslashes in usernames.
2.6.1
-
Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.
-
Added support of IP ranges in white/black lists.
-
Lockouts now can be released selectively.
-
Fixed the issue with encoding of special symbols in email notifications.
2.5.0
- Added Multi-site Compatibility and additional MU settings. https://wordpress.org/support/topic/multisite-compatibility-47/
2.4.0
- Usernames and IP addresses can be white-listed and black-listed now. https://wordpress.org/support/topic/banning-specific-usernames/ https://wordpress.org/support/topic/good-831/
- The lockouts log has been inversed. https://wordpress.org/support/topic/inverse-log/
2.3.0
- IP addresses can be white-listed now. https://wordpress.org/support/topic/legal-user/
- A “Gateway” column is added to the lockouts log. It shows what endpoint an attacker was blocked from. https://wordpress.org/support/topic/xmlrpc-7/
- The “Undefined index: client_type” error is fixed. https://wordpress.org/support/topic/php-notice-when-updating-settings-page/
2.2.0
- Removed the “Handle cookie login” setting as they are now obsolete.
- Added bruteforce protection against Woocommerce login page attacks. https://wordpress.org/support/topic/how-to-integrate-with-woocommerce-2/
- Added bruteforce protection against XMLRPC attacks. https://wordpress.org/support/topic/xmlrpc-7/
2.1.0
- The site connection settings are now applied automatically and therefore have been removed from the admin interface.
- Now compatible with PHP 5.2 to support some older WP installations.
2.0.0
- fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
- fixed the deprecated functions issue
https://wordpress.org/support/topic/using-deprecated-function - Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
- added time stamp to unsuccessful tries on the plugin configuration page.
- fixed .po translation files issue.
- code refactoring and optimization.