• 关于WordPress
    • 关于WordPress
    • WordPress.org
    • 文档
    • 支持
    • 反馈
  • 登录
  • 注册
跳至内容

WordPress.org

China 简体中文

  • 新闻
  • 主题
  • 插件
  • 论坛
  • 文档
  • 关于
  • 获取WordPress
  • 切换语言/语言包

插件

  • 我的收藏
  • Beta测试
  • 开发者
下载

Limit Login Attempts Reloaded

作者Limit Login Attempts Reloaded
  • 详情
  • 评价
  • 支持
  • 开发进展

描述

Limit Login Attempts Reloaded stops brute-force attacks and optimizes your site performance by limiting the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages.

This plugin will block an Internet address (IP) and/or username from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.

WordPress by default allows unlimited login attempts. This can lead to passwords being easily cracked via brute-force.

Limit Login Attempts Reloaded

Limit Login Attempts Reloaded Premium Cloud App
Enables cloud protection for Limit Login Attempts Reloaded plugin. It comes with all the great features you’ll need to stop hackers and bots from brute-force attacks. The cloud app offers several features including advanced protection out of the box, and the ability for site admins and agencies to sync safelists/blocklists across multiple domains. Click here to activate the cloud app for the best WordPress security plugin now!

Features:

  • Limit the number of retry attempts when logging in (per each IP).
  • Configurable lockout timings.
  • Informs the user about the remaining retries or lockout time on the login page.
  • Email notification of blocked attempts.
  • Logging of blocked attempts.
  • Safelist/Blocklist of IPs and Usernames (Support IP ranges).
  • Sucuri Website Firewall compatibility.
  • XMLRPC gateway protection.
  • Woocommerce登录页面保护。
  • Multi-site compatibility with extra MU settings.
  • GDPR compliant.
  • Custom IP origins support (Cloudflare, Sucuri, etc.)

Features (Premium Cloud App):

  • Performance Optimizer – Brute-force attacks absorbed in the cloud (Up to 100k requests monthly).
  • Throttling – Longer lockout intervals each time a hacker/bot tries to login unsuccessfully.
  • Auto Backups of All Data
  • Intelligent IP Blocking/Unblocking – Make sure the legitimate IP’s are allowed automatically.
  • Synchronized Lockouts – Lockouts can be shared between multiple domains.
  • Synchronized Safelist/Blocklist – Safelist/Blocklist can be shared between multiple domains.
  • Premium Support – Get answers within 24 hours in our support forum.
  • Enhanced lockout logs – A log of lockouts with extra features.
  • CSV Download of IP Data
  • Supports IPV6 Ranges For Safelist/Blocklist
  • Unlock The Locked Admin – Easily unlock the locked admin through the cloud.

Upgrading from the old Limit Login Attempts plugin?

  1. Go to the Plugins section in your site’s backend.
  2. Remove the Limit Login Attempts plugin.
  3. Install the Limit Login Attempts Reloaded plugin.

All your settings will be kept intact!

Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.

Help us bring Limit Login Attempts Reloaded to even more countries.

翻译:保加利亚语,巴西葡萄牙语,加泰罗尼亚语,中文(繁体),捷克语,荷兰语,芬兰语,法语,德语,匈牙利语,挪威语,波斯语,罗马尼亚语,俄语,西班牙语,瑞典语,土耳其语

Plugin uses standard actions and filters only.

Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.

Branding Guidelines

Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.
* Limit Login Attempts Reloaded (correct)
* Limit Login Attempts (incorrect)

屏幕截图

  • Login screen after a failed login with remaining retries
  • Lockout login screen
  • Administration interface in WordPress 5.2.1

常见问题

What do I do if all users get blocked?

If you are using contemporary hosting, it’s likely your site uses a proxy domain service like CloudFlare, Sucuri, Nginx, etc. They replace your user’s IP address with their own. If the server where your site runs is not configured properly (this happens a lot) all users will get the same IP address. This also applies to bots and hackers. Therefore, locking one user will lead to locking everybody else out. If the plugin is not using our Cloud App, this can be adjusted using the Trusted IP Origin setting. The cloud service intelligently recognizes the non-standard IP origins and handles them correctly, even if your hosting provider does not.

What settings should I use In the plugin?

The settings are explained within the plugin in great detail. If you are unsure, use the default settings as they are the recommended ones.

Can I share the safelist/blocklist throughout all of my sites?

By default, you will need to copy and paste the lists to each site manually. For the premium service, sites are grouped within the same private cloud account. Each site within that group can be configured if it shares its lockouts and access lists with other group members. The setting is located in the plugin’s interface. The default options are recommended.

Where can I find answers to my Cloud App related questions?

Please follow this link: https://www.limitloginattempts.com/resources/

评价

Great plugin

msocheat 2021年1月25日
A useful and recommendable plugin!

great tool has saved me many times

megabuff57 2021年1月25日
i am regularly getting notified of 20 attempts blocked thankyou

Great plugin

xsmael 2021年1月23日
Does what it says, and perfectly!

5 Star – security guard at its best

AnzeigenSpezialist 2021年1月23日
I´m not a dev or nerd or coder or white hat. Also I need help to safe my website from all the poor guys who seem to see no way in their lives and talents not to screw up, but to do an ethically correct job. Limit Login Attempts helps me 100% with this plugin. Success is deserved. 5 star satisfaction for years!

Simple and easy

GordonM 2021年1月21日
Works well for me! Thanks.

A useful and recommendable plugin!

bassist 2021年1月21日
It apparently works very well - hundreds of unauthorized login attempts were blocked!
阅读所有的544评价

贡献者以及开发者

“Limit Login Attempts Reloaded” 是开源软件。 以下人员对此插件做出了贡献。

贡献者
  • WPChef

"Limit Login Attempts Reloaded "已被翻译成23种语言。 感谢译者的贡献。

将“Limit Login Attempts Reloaded”翻译成您的语言。

对开发感兴趣吗?

您可以浏览代码,查看SVN仓库,或通过RSS订阅开发日志。

更新日志

2.19.1

  • Welcome page.
  • Image and text updates.

2.19.0

  • Refactoring.
  • Feedback message location fixed.
  • Text changes.

2.18.0

  • Cloud API: usage chart added.
  • Text changes.

2.17.4

  • Missing jQuery images added.
  • PHP 5 compatibility fixed.
  • Custom App setup link replaced with setup code.

2.17.3

  • Plugin pages message.

2.17.2

  • Lockout notification refactored.

2.17.1

  • CSS cache issue fixed.
  • Notification text updated.

2.17.0

  • Refactoring.
  • Email text and notification updated.
  • New links in the list of plugins.

2.16.0

  • Custom Apps functionality implemented. More details: https://limitloginattempts.com/app/

2.15.2

  • Alternative method of closing the feedback message.

2.15.1

  • Refactoring.

2.15.0

  • Reset password feature has been removed as unwanted.
  • Small refactoring.

2.14.0

  • BuddyPress login error compatibility implemented.
  • UltimateMember compatibility implemented.
  • A PHP warning fixed.

2.13.0

  • Fixed incompatibility with PHP < 5.6.
  • Settings page layout refactored.

2.12.3

  • The feedback message is shown for admins only now, and it can also be closed even if the site has issues with AJAX.

2.12.2

  • Fixed the feedback message not being shown, again.

2.12.1

  • Fixed the feedback message not being shown.

2.12.0

  • Small refactoring.
  • get_message() – fixed error notices.
  • This is the first time we are asking you for a feedback.

2.11.0

  • Blacklisted usernames can’t be registered anymore.

2.10.1

  • Fixed: GDPR compliance option could not be selected on the multisite installations.

2.10.0

  • Debug information has been added for better support.

2.9.0

  • 已添加“可信IP起源”选项。

2.8.1

  • Extra lockout options are back.

2.8.0

  • The plugin doesn’t trust any IP addresses other than _SERVER[“REMOTE_ADDR”] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER[“REMOTE_ADDR”] with wrong IPs which leads to mass blocking of users.

2.7.4

  • The lockout alerts can be sent to a configurable email address now.

2.7.3

  • Settings page is moved back to “Settings”.

2.7.2

  • Settings are moved to a separate page.
  • Fixed: login error message. https://wordpress.org/support/topic/how-to-change-login-error-message/

2.7.1

  • A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.

2.7.0

  • GDPR compliance implemented.

  • Fixed: ip_in_range() loop $ip overrides itself causing invalid results.
    https://wordpress.org/support/topic/ip_in_range-loop-ip-overrides-itself-causing-invalid-results/

  • Fixed: the plugin was locking out the same IP address multiple times, each with a different port.
    https://wordpress.org/support/topic/same-ip-different-port/

2.6.3

  • Added support of Sucuri Website Firewall.

2.6.2

  • Fixed the issue with backslashes in usernames.

2.6.1

  • Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.

  • Added support of IP ranges in white/black lists.

  • Lockouts now can be released selectively.

  • Fixed the issue with encoding of special symbols in email notifications.

2.5.0

  • Added Multi-site Compatibility and additional MU settings. https://wordpress.org/support/topic/multisite-compatibility-47/

2.4.0

  • 现在可以将用户名和IP地址列入白名单和黑名单。 https://wordpress.org/support/topic/banning-specific-usernames/ https://wordpress.org/support/topic/good-831/
  • The lockouts log has been inversed. https://wordpress.org/support/topic/inverse-log/

2.3.0

  • IP addresses can be white-listed now. https://wordpress.org/support/topic/legal-user/
  • A “Gateway” column is added to the lockouts log. It shows what endpoint an attacker was blocked from. https://wordpress.org/support/topic/xmlrpc-7/
  • The “Undefined index: client_type” error is fixed. https://wordpress.org/support/topic/php-notice-when-updating-settings-page/

2.2.0

  • Removed the “Handle cookie login” setting as they are now obsolete.
  • Added bruteforce protection against Woocommerce login page attacks. https://wordpress.org/support/topic/how-to-integrate-with-woocommerce-2/
  • Added bruteforce protection against XMLRPC attacks. https://wordpress.org/support/topic/xmlrpc-7/

2.1.0

  • The site connection settings are now applied automatically and therefore have been removed from the admin interface.
  • Now compatible with PHP 5.2 to support some older WP installations.

2.0.0

  • fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
  • fixed the deprecated functions issue
    https://wordpress.org/support/topic/using-deprecated-function
  • Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
  • added time stamp to unsuccessful tries on the plugin configuration page.
  • 修复了.po翻译文件问题。
  • code refactoring and optimization.

元信息

  • 版本:2.19.1
  • 最后更新:1周 之前
  • 有效安装数量:1+ 百万
  • WordPress版本: 3.0或更高
  • 经测试:5.6
  • 语言:

    Asturian、Catalan、Chinese (China)、Chinese (Taiwan)、Danish、Dutch、English (UK)、English (US)、French (Canada)、French (France)、Galician、German、Italian、Japanese、Norwegian (Bokmål)、Portuguese (Brazil)、Romanian、Russian、Spanish (Ecuador)、Spanish (Mexico)、Spanish (Spain)、Spanish (Venezuela)、Swedish和Ukrainian.

    翻译成您的语言

  • 标签:
    Brute Forcefirewallloginprotectionsecurity
  • 高级视图

评级

查看所有
  • 5星 523
  • 4星 10
  • 3星 3
  • 2星 2
  • 1星 6
登录以提交评价。

贡献者

  • WPChef

支持

最近两个月解决的问题:

总计 17,已解决 3

查看支持论坛

捐助

你愿意支持这个插件的发展吗?

捐助此插件

  • 关于WordPress
  • 博客
  • 主机
  • 捐助
  • 支持
  • 开发者
  • 参与
  • 学习
  • 陈列柜
  • 插件
  • 主题
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • 隐私
  • Public Code
  • @WordPress
  • WordPress

代码如诗