Version Description
- Refactoring.
- Feedback message location fixed.
- Text changes.
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.19.0 |
Code changes from version 2.18.0 to 2.19.0
- assets/css/limit-login-attempts.css +1 -1
- assets/sass/limit-login-attempts.scss +1 -1
- core/LimitLoginAttempts.php +21 -36
- limit-login-attempts-reloaded.php +2 -2
- readme.txt +37 -26
- views/tab-settings.php +3 -9
assets/css/limit-login-attempts.css
CHANGED
@@ -1 +1 @@
|
|
1 |
-
.limit-login-page-settings .field-col{display:inline-block;margin-right:20px}.limit-login-page-settings .limit-login-log table{background-color:#fff}.limit-login-page-settings .limit-login-log table th,.limit-login-page-settings .limit-login-log table td{padding:10px}.limit-login-page-settings .limit-login-log table tr:nth-child(even){background-color:rgba(0,0,0,0.09)}.limit-login-page-settings #limit-login-app-setup-
|
1 |
+
.limit-login-page-settings .field-col{display:inline-block;margin-right:20px}.limit-login-page-settings .limit-login-log table{background-color:#fff}.limit-login-page-settings .limit-login-log table th,.limit-login-page-settings .limit-login-log table td{padding:10px}.limit-login-page-settings .limit-login-log table tr:nth-child(even){background-color:rgba(0,0,0,0.09)}.limit-login-page-settings #limit-login-app-setup-code{width:85%}.limit-login-page-settings .nav-tab-wrapper{position:relative}.limit-login-page-settings .nav-tab-wrapper .llar-failover-link{font-size:14px;float:right;line-height:2}.limit-login-page-settings .limit-login-app-dashboard .llar-table-scroll-wrap{max-height:400px;overflow-y:auto}.limit-login-page-settings .limit-login-app-dashboard .form-table{background-color:#fff;border:1px solid #f4f4f4;border-top:3px solid #3c8dbc;position:relative}.limit-login-page-settings .limit-login-app-dashboard .form-table.llar-preloader:before{content:"";display:block;width:100%;height:100%;background-color:rgba(255,255,255,0.7);z-index:999;position:absolute;top:0;left:0}.limit-login-page-settings .limit-login-app-dashboard .form-table th{font-weight:bold;border-bottom:1px solid #dbdbdb !important}.limit-login-page-settings .limit-login-app-dashboard .form-table th,.limit-login-page-settings .limit-login-app-dashboard .form-table td{padding:10px;border:1px solid #b9b9b9}.limit-login-page-settings .limit-login-app-dashboard .form-table th.llar-col-nowrap,.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-col-nowrap{white-space:nowrap}.limit-login-page-settings .limit-login-app-dashboard .form-table td button{line-height:1;margin-right:5px}.limit-login-page-settings .limit-login-app-dashboard .form-table td button:last-child{margin-right:0}.limit-login-page-settings .limit-login-app-dashboard .form-table td button .dashicons{vertical-align:middle}.limit-login-page-settings .limit-login-app-dashboard .form-table 
td.llar-app-log-actions{text-align:center}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn{display:inline-block;line-height:20px;cursor:pointer}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn i{vertical-align:middle}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn:hover i{color:#3c8dbc}.limit-login-page-settings .limit-login-app-dashboard .form-table tr:nth-child(even){background-color:#f9f9f9}.limit-login-page-settings .limit-login-app-dashboard .llar-app-log-pagination>a{font-size:16px;line-height:1.625}.limit-login-page-settings .limit-login-app-dashboard .llar-app-log-pagination .spinner{float:none}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col{-webkit-box-flex:0;-ms-flex:0 0 49%;flex:0 0 49%}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table select{width:100%}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-acl-action-col{text-align:center}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-pass{background-color:#cffbe8}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-allow{background-color:#abdfff}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-deny{background-color:#fd2c2c3d}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table 
.llar-app-acl-remove{color:crimson;border-color:crimson}.limit-login-page-settings .llar-app-notice{background-color:#fff;-webkit-box-shadow:0 1px 1px 0 rgba(0,0,0,0.1);box-shadow:0 1px 1px 0 rgba(0,0,0,0.1);padding:15px;border-radius:3px;margin-top:20px;margin-bottom:20px;font-size:14px;border-left:5px solid #ffba00}.limit-login-page-settings .llar-app-notice.success{border-color:#46b450}.limit-login-page-settings .llar-app-notice p{font-size:inherit;margin:0 0 20px}.limit-login-page-settings .llar-app-notice p:last-child{margin-bottom:0}.limit-login-page-settings input[name="admin_notify_email"]{min-width:243px}.limit-login-page-settings .llar-protect-notice{font-size:15px;color:#848484;margin-left:10px}.limit-login-page-settings .llar-protect-notice a{color:#222222;text-decoration:none;border-bottom:1px dashed}.limit-login-page-settings .llar-show-app-fields{position:absolute;right:15px;top:15px;color:#bdbdbd}.limit-login-page-settings .llar-show-app-fields:hover{color:#222}.limit-login-page-settings .llar-app-field{display:none}.limit-login-page-settings .llar-app-field.active{display:table-row}.llar-notice-review,.llar-notice-notify{display:-webkit-box;display:-ms-flexbox;display:flex;padding:15px 20px 0 !important;border-left:4px solid #333 !important}.llar-notice-review .llar-review-image img,.llar-notice-notify .llar-review-image img{margin-top:10px;margin-bottom:20px}.llar-notice-review .llar-review-image span,.llar-notice-notify .llar-review-image span{font-size:80px;color:orange;width:80px;height:auto;margin-bottom:20px}.llar-notice-review .llar-review-info,.llar-notice-notify .llar-review-info{-webkit-box-flex:1;-ms-flex:1;flex:1;margin-left:30px}.llar-notice-review .llar-review-info .llar-buttons,.llar-notice-notify .llar-review-info .llar-buttons{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.llar-notice-review .llar-review-info .llar-buttons li,.llar-notice-notify 
.llar-review-info .llar-buttons li{margin-right:10px}.llar-notice-review .llar-review-info .llar-buttons li .dashicons,.llar-notice-notify .llar-review-info .llar-buttons li .dashicons{margin-right:5px}.llar-accordion .ui-accordion-header{font-weight:bold;background:#778899;color:#fff}.llar-accordion .ui-accordion-header.ui-accordion-header-active{background:#87CEFA}.custom-app-tab{position:relative}.custom-app-tab .spinner{float:none}.custom-app-tab .llar-app-ajax-msg{font-size:13px;margin-top:5px;display:block}.custom-app-tab .llar-app-ajax-msg.error{color:red}.custom-app-tab .llar-app-ajax-msg.success{color:green}.custom-app-tab .llar-delete-app{color:#dc3232;position:absolute;bottom:15px;right:15px}.custom-app-tab .llar-delete-app:hover{opacity:0.8}.custom-app-tab .llar-why-use-premium-text{margin-top:20px}.custom-app-tab .llar-why-use-premium-text .title{font-weight:bold;font-size:16px;color:#4d4d4d}.custom-app-tab .llar-why-use-premium-text ul li .dashicons{color:#3ab54a;font-size:25px;width:25px;top:-2px;position:relative}#llar-progress-bar{position:fixed;top:0;height:6px;left:0;width:100%;z-index:999999;background-color:#eee}#llar-progress-bar span{height:100%;position:absolute;display:block;width:0;background-color:#00b357;-webkit-transition:width 0.4s;transition:width 0.4s}#llar-header-upgrade-message{text-align:center;background-color:#f5f0c0;color:#222;padding:10px;margin-left:-20px;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.2);box-shadow:0 0 3px rgba(0,0,0,0.2)}#llar-header-upgrade-message p{margin:0}#llar-header-upgrade-message p .dashicons{color:#f2a64c;margin-right:5px}.settings_page_limit-login-attempts .update-nag{display:none}.llar-chart-wrap{width:100%;max-width:900px;margin:0 auto;clear:both}
|
assets/sass/limit-login-attempts.scss
CHANGED
@@ -15,7 +15,7 @@
|
|
15 |
}
|
16 |
}
|
17 |
|
18 |
-
#limit-login-app-setup-
|
19 |
width: 85%;
|
20 |
}
|
21 |
|
15 |
}
|
16 |
}
|
17 |
|
18 |
+
#limit-login-app-setup-code {
|
19 |
width: 85%;
|
20 |
}
|
21 |
|
core/LimitLoginAttempts.php
CHANGED
@@ -30,7 +30,7 @@ class Limit_Login_Attempts {
|
|
30 |
'cookies' => true,
|
31 |
|
32 |
/* Notify on lockout. Values: '', 'log', 'email', 'log,email' */
|
33 |
-
'lockout_notify' => '
|
34 |
|
35 |
/* If notify by email, do so after this number of lockouts */
|
36 |
'notify_email_after' => 3,
|
@@ -95,7 +95,10 @@ class Limit_Login_Attempts {
|
|
95 |
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
96 |
|
97 |
add_filter( 'illegal_user_logins', array( $this, 'register_user_blacklist' ), 999 );
|
98 |
-
|
|
|
|
|
|
|
99 |
add_action( 'admin_notices', array( $this, 'show_leave_review_notice' ) );
|
100 |
add_action( 'wp_ajax_dismiss_review_notice', array( $this, 'dismiss_review_notice_callback' ) );
|
101 |
add_action( 'wp_ajax_dismiss_notify_notice', array( $this, 'dismiss_notify_notice_callback' ) );
|
@@ -190,16 +193,6 @@ class Limit_Login_Attempts {
|
|
190 |
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
191 |
|
192 |
add_filter( 'plugin_action_links_' . LLA_PLUGIN_BASENAME, array( $this, 'add_action_links' ) );
|
193 |
-
|
194 |
-
/**
|
195 |
-
* Transform setup link to setup code.
|
196 |
-
*/
|
197 |
-
if( ( $setup_link = $this->get_option( 'app_setup_link' ) ) && empty( $this->get_option( 'app_setup_code' ) ) ) {
|
198 |
-
|
199 |
-
$setup_link = str_replace( array( 'http://', 'https://' ), '', $setup_link );
|
200 |
-
$this->update_option( 'app_setup_code', strrev( $setup_link ) );
|
201 |
-
$this->delete_option( 'app_setup_link' );
|
202 |
-
}
|
203 |
}
|
204 |
|
205 |
public function add_action_links( $actions ) {
|
@@ -792,32 +785,21 @@ class Limit_Login_Attempts {
|
|
792 |
* @return bool|void
|
793 |
*/
|
794 |
public function notify( $user ) {
|
795 |
-
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
796 |
|
797 |
if( is_object( $user ) ) {
|
798 |
return false;
|
799 |
}
|
800 |
|
801 |
-
|
802 |
-
|
803 |
-
|
804 |
-
}
|
805 |
|
806 |
if ( empty( $args ) ) {
|
807 |
return;
|
808 |
}
|
809 |
|
810 |
-
|
811 |
-
|
812 |
-
$mode = trim( $mode );
|
813 |
-
|
814 |
-
if( $mode === 'log' ) {
|
815 |
-
$this->notify_log( $user );
|
816 |
-
}
|
817 |
-
|
818 |
-
if( $mode === 'email' ) {
|
819 |
-
$this->notify_email( $user );
|
820 |
-
}
|
821 |
}
|
822 |
}
|
823 |
|
@@ -894,8 +876,10 @@ class Limit_Login_Attempts {
|
|
894 |
$message = __( '<p>Hello%1$s,</p>' .
|
895 |
'<p>%2$d failed login attempts (%3$d lockout(s)) from IP <b>%4$s</b> and it was blocked for %5$s<br>' .
|
896 |
'Last user attempted: <b>%6$s</b></p>' .
|
897 |
-
'<p>Under Attack? <a href="%7$s" target="_blank">
|
898 |
-
'<a href="%8$s" target="_blank">
|
|
|
|
|
899 |
|
900 |
$message = sprintf(
|
901 |
$message,
|
@@ -906,6 +890,7 @@ class Limit_Login_Attempts {
|
|
906 |
$when,
|
907 |
$user,
|
908 |
'https://www.limitloginattempts.com/info.php?from=plugin-lockout-email',
|
|
|
909 |
admin_url( 'options-general.php?page=limit-login-attempts&tab=settings' )
|
910 |
);
|
911 |
|
@@ -1524,9 +1509,7 @@ class Limit_Login_Attempts {
|
|
1524 |
$this->update_option('trusted_ip_origins', $trusted_ip_origins );
|
1525 |
|
1526 |
$notify_methods = array();
|
1527 |
-
|
1528 |
-
$notify_methods[] = 'log';
|
1529 |
-
}
|
1530 |
if( isset( $_POST[ 'lockout_notify_email' ] ) ) {
|
1531 |
$notify_methods[] = 'email';
|
1532 |
}
|
@@ -1636,7 +1619,9 @@ class Limit_Login_Attempts {
|
|
1636 |
@setcookie('llar_review_notice_shown', '', time() - 3600, '/');
|
1637 |
}
|
1638 |
|
1639 |
-
if ( !current_user_can('manage_options') ||
|
|
|
|
|
1640 |
|
1641 |
$activation_timestamp = $this->get_option('activation_timestamp');
|
1642 |
|
@@ -1883,9 +1868,9 @@ class Limit_Login_Attempts {
|
|
1883 |
|
1884 |
check_ajax_referer('llar-action', 'sec');
|
1885 |
|
1886 |
-
if( !empty( $_POST['
|
1887 |
|
1888 |
-
$setup_code = sanitize_text_field( $_POST['
|
1889 |
$link = strrev( $setup_code );
|
1890 |
|
1891 |
if( $setup_result = LLAR_App::setup( $link ) ) {
|
30 |
'cookies' => true,
|
31 |
|
32 |
/* Notify on lockout. Values: '', 'log', 'email', 'log,email' */
|
33 |
+
'lockout_notify' => 'email',
|
34 |
|
35 |
/* If notify by email, do so after this number of lockouts */
|
36 |
'notify_email_after' => 3,
|
95 |
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
96 |
|
97 |
add_filter( 'illegal_user_logins', array( $this, 'register_user_blacklist' ), 999 );
|
98 |
+
|
99 |
+
// TODO: Temporary turn off the holiday warning.
|
100 |
+
//add_action( 'admin_notices', array( $this, 'show_enable_notify_notice' ) );
|
101 |
+
|
102 |
add_action( 'admin_notices', array( $this, 'show_leave_review_notice' ) );
|
103 |
add_action( 'wp_ajax_dismiss_review_notice', array( $this, 'dismiss_review_notice_callback' ) );
|
104 |
add_action( 'wp_ajax_dismiss_notify_notice', array( $this, 'dismiss_notify_notice_callback' ) );
|
193 |
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
194 |
|
195 |
add_filter( 'plugin_action_links_' . LLA_PLUGIN_BASENAME, array( $this, 'add_action_links' ) );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
196 |
}
|
197 |
|
198 |
public function add_action_links( $actions ) {
|
785 |
* @return bool|void
|
786 |
*/
|
787 |
public function notify( $user ) {
|
|
|
788 |
|
789 |
if( is_object( $user ) ) {
|
790 |
return false;
|
791 |
}
|
792 |
|
793 |
+
$this->notify_log( $user );
|
794 |
+
|
795 |
+
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
|
|
796 |
|
797 |
if ( empty( $args ) ) {
|
798 |
return;
|
799 |
}
|
800 |
|
801 |
+
if( in_array( 'email', $args ) ) {
|
802 |
+
$this->notify_email( $user );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
803 |
}
|
804 |
}
|
805 |
|
876 |
$message = __( '<p>Hello%1$s,</p>' .
|
877 |
'<p>%2$d failed login attempts (%3$d lockout(s)) from IP <b>%4$s</b> and it was blocked for %5$s<br>' .
|
878 |
'Last user attempted: <b>%6$s</b></p>' .
|
879 |
+
'<p>Under Attack? Learn more about <a href="%7$s" target="_blank">brute force attacks</a>. ' .
|
880 |
+
'Have Questions? Visit our <a href="%8$s" target="_blank">help section</a>.<br>' .
|
881 |
+
'<a href="%9$s">Unsubscribe</a> from these notifications.</p>' .
|
882 |
+
"<hr><p>This notification was sent automatically via <b>Limit Login Attempts Reloaded Plugin</b>.</p>", 'limit-login-attempts-reloaded' );
|
883 |
|
884 |
$message = sprintf(
|
885 |
$message,
|
890 |
$when,
|
891 |
$user,
|
892 |
'https://www.limitloginattempts.com/info.php?from=plugin-lockout-email',
|
893 |
+
'https://www.limitloginattempts.com/resources/?from=plugin-lockout-email',
|
894 |
admin_url( 'options-general.php?page=limit-login-attempts&tab=settings' )
|
895 |
);
|
896 |
|
1509 |
$this->update_option('trusted_ip_origins', $trusted_ip_origins );
|
1510 |
|
1511 |
$notify_methods = array();
|
1512 |
+
|
|
|
|
|
1513 |
if( isset( $_POST[ 'lockout_notify_email' ] ) ) {
|
1514 |
$notify_methods[] = 'email';
|
1515 |
}
|
1619 |
@setcookie('llar_review_notice_shown', '', time() - 3600, '/');
|
1620 |
}
|
1621 |
|
1622 |
+
if ( !current_user_can('manage_options') ||
|
1623 |
+
$this->get_option('review_notice_shown') ||
|
1624 |
+
!in_array( $screen->base, array( 'dashboard', 'plugins', 'settings_page_limit-login-attempts' ) ) ) return;
|
1625 |
|
1626 |
$activation_timestamp = $this->get_option('activation_timestamp');
|
1627 |
|
1868 |
|
1869 |
check_ajax_referer('llar-action', 'sec');
|
1870 |
|
1871 |
+
if( !empty( $_POST['code'] ) ) {
|
1872 |
|
1873 |
+
$setup_code = sanitize_text_field( $_POST['code'] );
|
1874 |
$link = strrev( $setup_code );
|
1875 |
|
1876 |
if( $setup_result = LLAR_App::setup( $link ) ) {
|
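Review bot: The AJAX handler in the last hunk (new lines 1869–1876) shows only `check_ajax_referer('llar-action', 'sec')` before acting on `$_POST['code']`; a nonce ties the request to a session but does not establish privilege, so if the handler is registered as a `wp_ajax_` action (presumably, given the `action: 'app_setup'` post in views/tab-settings.php) and no capability check sits above the hunk, it should open with `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( array() ); }`. The value is also read without unslashing; `sanitize_text_field( wp_unslash( $_POST['code'] ) )` is the usual form. `strrev( $setup_code )` is handed to `LLAR_App::setup( $link )` as a link, and if that method issues an outbound request (its body is not shown here) the host should be checked against the expected service domain before the call, because `sanitize_text_field` does not constrain where the link points. The handler's function starts and ends outside the hunk.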
limit-login-attempts-reloaded.php
CHANGED
@@ -5,9 +5,9 @@ Description: Limit the rate of login attempts for each IP address.
|
|
5 |
Author: Limit Login Attempts Reloaded
|
6 |
Author URI: https://limitloginattempts.com/
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
-
Version: 2.
|
9 |
|
10 |
-
Copyright 2008 - 2012 Johan Eenfeldt, 2016 -
|
11 |
*/
|
12 |
|
13 |
/***************************************************************************************
|
5 |
Author: Limit Login Attempts Reloaded
|
6 |
Author URI: https://limitloginattempts.com/
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
+
Version: 2.19.0
|
9 |
|
10 |
+
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2021 Limit Login Attempts Reloaded
|
11 |
*/
|
12 |
|
13 |
/***************************************************************************************
|
readme.txt
CHANGED
@@ -4,28 +4,31 @@ Donate link: https://www.paypal.com/donate?hosted_button_id=FKD4MYFCMNVQQ
|
|
4 |
Tags: brute force, login, security, firewall, protection
|
5 |
Requires at least: 3.0
|
6 |
Tested up to: 5.6
|
7 |
-
Stable tag: 2.
|
8 |
|
9 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
10 |
|
11 |
== Description ==
|
12 |
|
13 |
-
Limit the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages.
|
14 |
|
15 |
-
|
16 |
|
17 |
-
|
18 |
|
19 |
-
|
20 |
-
>
|
|
|
21 |
|
22 |
https://www.youtube.com/watch?v=IsotthPWCPA
|
23 |
|
24 |
= Features: =
|
25 |
-
* Limit the number of retry attempts when logging in (per each IP).
|
|
|
26 |
* Informs the user about the remaining retries or lockout time on the login page.
|
27 |
-
*
|
28 |
-
*
|
|
|
29 |
* Sucuri Website Firewall compatibility.
|
30 |
* **XMLRPC** gateway protection.
|
31 |
* **Woocommerce** login page protection.
|
@@ -33,24 +36,28 @@ https://www.youtube.com/watch?v=IsotthPWCPA
|
|
33 |
* **GDPR** compliant.
|
34 |
* **Custom IP origins** support (Cloudflare, Sucuri, etc.)
|
35 |
|
36 |
-
= Features (Cloud
|
37 |
-
* **
|
38 |
-
* **Throttling** - Longer lockout intervals each time a hacker/bot tries to login unsuccessfully
|
39 |
-
* **Auto
|
40 |
-
* **
|
41 |
-
* **
|
42 |
-
* **Synchronized
|
43 |
-
* **Premium
|
44 |
-
* **Enhanced lockout logs** - A log of lockouts with extra features
|
|
|
|
|
|
|
45 |
|
46 |
= Upgrading from the old Limit Login Attempts plugin? =
|
47 |
1. Go to the Plugins section in your site's backend.
|
48 |
1. Remove the Limit Login Attempts plugin.
|
49 |
1. Install the Limit Login Attempts Reloaded plugin.
|
50 |
|
51 |
-
All your settings will be kept
|
52 |
|
53 |
Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.
|
|
|
54 |
Help us bring Limit Login Attempts Reloaded to even more countries.
|
55 |
|
56 |
Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
|
@@ -66,21 +73,21 @@ Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When wr
|
|
66 |
|
67 |
== Screenshots ==
|
68 |
|
69 |
-
1.
|
70 |
-
2. Lockout
|
71 |
3. Administration interface in WordPress 5.2.1
|
72 |
|
73 |
== Frequently Asked Questions ==
|
74 |
|
75 |
= What do I do if all users get blocked? =
|
76 |
|
77 |
-
If you are using contemporary hosting, it's likely your site uses a proxy domain service like CloudFlare, Sucuri, Nginx, etc. They replace your user's IP address with their own. If the server where your site runs is not configured properly (this happens a lot) all users will get the same IP address. This also applies to bots and hackers. Therefore, locking one user will lead to locking everybody else out. If the plugin is not using our <a href="https://www.limitloginattempts.com/">Cloud App</a>, this can be adjusted using the Trusted IP Origin setting. The cloud service intelligently recognizes the non-standard IP origins and handles them correctly, even if your hosting provider does not.
|
78 |
|
79 |
-
= What settings should I use In
|
80 |
|
81 |
The settings are explained within the plugin in great detail. If you are unsure, use the default settings as they are the recommended ones.
|
82 |
|
83 |
-
= Can I share the
|
84 |
|
85 |
By default, you will need to copy and paste the lists to each site manually. For the <a href="https://www.limitloginattempts.com/features/">premium service</a>, sites are grouped within the same private cloud account. Each site within that group can be configured if it shares its lockouts and access lists with other group members. The setting is located in the plugin's interface. The default options are recommended.
|
86 |
|
@@ -90,8 +97,12 @@ Please follow this link: <a href="https://www.limitloginattempts.com/resources/"
|
|
90 |
|
91 |
== Changelog ==
|
92 |
|
|
|
|
|
|
|
|
|
|
|
93 |
= 2.18.0 =
|
94 |
-
*
|
95 |
* Cloud API: usage chart added.
|
96 |
* Text changes.
|
97 |
|
@@ -234,4 +245,4 @@ https://wordpress.org/support/topic/using-deprecated-function
|
|
234 |
* Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
|
235 |
* added time stamp to unsuccessful tries on the plugin configuration page.
|
236 |
* fixed .po translation files issue.
|
237 |
-
* code refactoring and optimization.
|
4 |
Tags: brute force, login, security, firewall, protection
|
5 |
Requires at least: 3.0
|
6 |
Tested up to: 5.6
|
7 |
+
Stable tag: 2.19.0
|
8 |
|
9 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
10 |
|
11 |
== Description ==
|
12 |
|
13 |
+
Limit Login Attempts Reloaded stops brute-force attacks and optimizes your site performance by limiting the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages.
|
14 |
|
15 |
+
This plugin will block an Internet address (IP) and/or username from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.
|
16 |
|
17 |
+
WordPress by default allows unlimited login attempts. This can lead to passwords being easily cracked via brute-force.
|
18 |
|
19 |
+
Limit Login Attempts Reloaded
|
20 |
+
> <strong>Limit Login Attempts Reloaded Premium Cloud App</strong><br>
|
21 |
+
> Enables cloud protection for Limit Login Attempts Reloaded plugin. It comes with all the great features you'll need to stop hackers and bots from brute-force attacks. The cloud app <a href="https://www.limitloginattempts.com/features/">offers several features</a> including advanced protection out of the box, and the ability for site admins and agencies to sync safelists/blocklists across multiple domains. <a href="https://app.limitloginattempts.com/network/create">Click here to activate the cloud app for the best WordPress security plugin now!</a>
|
22 |
|
23 |
https://www.youtube.com/watch?v=IsotthPWCPA
|
24 |
|
25 |
= Features: =
|
26 |
+
* Limit the number of retry attempts when logging in (per each IP).
|
27 |
+
* Configurable lockout timings.
|
28 |
* Informs the user about the remaining retries or lockout time on the login page.
|
29 |
+
* Email notification of blocked attempts.
|
30 |
+
* Logging of blocked attempts.
|
31 |
+
* Safelist/Blocklist of IPs and Usernames (Support IP ranges).
|
32 |
* Sucuri Website Firewall compatibility.
|
33 |
* **XMLRPC** gateway protection.
|
34 |
* **Woocommerce** login page protection.
|
36 |
* **GDPR** compliant.
|
37 |
* **Custom IP origins** support (Cloudflare, Sucuri, etc.)
|
38 |
|
39 |
+
= Features (Premium Cloud App): =
|
40 |
+
* **Performance Optimizer** - Brute-force attacks absorbed in the cloud (Up to 100k requests monthly).
|
41 |
+
* **Throttling** - Longer lockout intervals each time a hacker/bot tries to login unsuccessfully.
|
42 |
+
* **Auto Backups of All Data**
|
43 |
+
* **Intelligent IP Blocking/Unblocking** - Make sure the legitimate IP’s are allowed automatically.
|
44 |
+
* **Synchronized Lockouts** - Lockouts can be shared between multiple domains.
|
45 |
+
* **Synchronized Safelist/Blocklist** - Safelist/Blocklist can be shared between multiple domains.
|
46 |
+
* **Premium Support** - Get answers within 24 hours in our support forum.
|
47 |
+
* **Enhanced lockout logs** - A log of lockouts with extra features.
|
48 |
+
* **CSV Download of IP Data**
|
49 |
+
* **Supports IPV6 Ranges For Safelist/Blocklist**
|
50 |
+
* **Unlock The Locked Admin** - Easily unlock the locked admin through the cloud.
|
51 |
|
52 |
= Upgrading from the old Limit Login Attempts plugin? =
|
53 |
1. Go to the Plugins section in your site's backend.
|
54 |
1. Remove the Limit Login Attempts plugin.
|
55 |
1. Install the Limit Login Attempts Reloaded plugin.
|
56 |
|
57 |
+
All your settings will be kept intact!
|
58 |
|
59 |
Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.
|
60 |
+
|
61 |
Help us bring Limit Login Attempts Reloaded to even more countries.
|
62 |
|
63 |
Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
|
73 |
|
74 |
== Screenshots ==
|
75 |
|
76 |
+
1. Login screen after a failed login with remaining retries
|
77 |
+
2. Lockout login screen
|
78 |
3. Administration interface in WordPress 5.2.1
|
79 |
|
80 |
== Frequently Asked Questions ==
|
81 |
|
82 |
= What do I do if all users get blocked? =
|
83 |
|
84 |
+
If you are using contemporary hosting, it's likely your site uses a proxy domain service like CloudFlare, Sucuri, Nginx, etc. They replace your user's IP address with their own. If the server where your site runs is not configured properly (this happens a lot) all users will get the same IP address. This also applies to bots and hackers. Therefore, locking one user will lead to locking everybody else out. If the plugin is not using our <a href="https://www.limitloginattempts.com/features/">Cloud App</a>, this can be adjusted using the Trusted IP Origin setting. The cloud service intelligently recognizes the non-standard IP origins and handles them correctly, even if your hosting provider does not.
|
85 |
|
86 |
+
= What settings should I use In the plugin? =
|
87 |
|
88 |
The settings are explained within the plugin in great detail. If you are unsure, use the default settings as they are the recommended ones.
|
89 |
|
90 |
+
= Can I share the safelist/blocklist throughout all of my sites?=
|
91 |
|
92 |
By default, you will need to copy and paste the lists to each site manually. For the <a href="https://www.limitloginattempts.com/features/">premium service</a>, sites are grouped within the same private cloud account. Each site within that group can be configured if it shares its lockouts and access lists with other group members. The setting is located in the plugin's interface. The default options are recommended.
|
93 |
|
97 |
|
98 |
== Changelog ==
|
99 |
|
100 |
+
= 2.19.0 =
|
101 |
+
* Refactoring.
|
102 |
+
* Feedback message location fixed.
|
103 |
+
* Text changes.
|
104 |
+
|
105 |
= 2.18.0 =
|
|
|
106 |
* Cloud API: usage chart added.
|
107 |
* Text changes.
|
108 |
|
245 |
* Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
|
246 |
* added time stamp to unsuccessful tries on the plugin configuration page.
|
247 |
* fixed .po translation files issue.
|
248 |
+
* code refactoring and optimization.
|
views/tab-settings.php
CHANGED
@@ -9,7 +9,6 @@ if( !defined( 'ABSPATH' ) ) exit();
|
|
9 |
$gdpr = $this->get_option( 'gdpr' );
|
10 |
|
11 |
$v = explode( ',', $this->get_option( 'lockout_notify' ) );
|
12 |
-
$log_checked = in_array( 'log', $v ) ? ' checked ' : '';
|
13 |
$email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
14 |
|
15 |
$admin_notify_email = $this->get_option( 'admin_notify_email' );
|
@@ -74,11 +73,6 @@ $active_app_config = $this->get_custom_app_config();
|
|
74 |
<th scope="row"
|
75 |
valign="top"><?php echo __( 'Notify on lockout', 'limit-login-attempts-reloaded' ); ?></th>
|
76 |
<td>
|
77 |
-
<?php /*
|
78 |
-
<input type="checkbox" name="lockout_notify_log" <?php echo $log_checked; ?>
|
79 |
-
value="log"/> <?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?><br/>
|
80 |
-
*/ ?>
|
81 |
-
|
82 |
<input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?>
|
83 |
value="email"/> <?php echo __( 'Email to', 'limit-login-attempts-reloaded' ); ?>
|
84 |
<input type="email" name="admin_notify_email"
|
@@ -162,7 +156,7 @@ $active_app_config = $this->get_custom_app_config();
|
|
162 |
<th scope="row"
|
163 |
valign="top"><?php echo __( 'Setup Code', 'limit-login-attempts-reloaded' ); ?></th>
|
164 |
<td>
|
165 |
-
<input type="text" class="regular-text" id="limit-login-app-setup-
|
166 |
<button class="button" id="limit-login-app-setup"><?php echo __( 'Submit', 'limit-login-attempts-reloaded' ); ?></button>
|
167 |
<span class="spinner llar-app-ajax-spinner"></span><br>
|
168 |
<span class="llar-app-ajax-msg"></span>
|
@@ -250,11 +244,11 @@ $active_app_config = $this->get_custom_app_config();
|
|
250 |
$app_ajax_msg.text('').removeClass('success error');
|
251 |
$app_ajax_spinner.css('visibility', 'visible');
|
252 |
|
253 |
-
var
|
254 |
|
255 |
$.post(ajaxurl, {
|
256 |
action: 'app_setup',
|
257 |
-
|
258 |
sec: '<?php echo esc_js( wp_create_nonce( "llar-action" ) ); ?>'
|
259 |
}, function(response){
|
260 |
|
9 |
$gdpr = $this->get_option( 'gdpr' );
|
10 |
|
11 |
$v = explode( ',', $this->get_option( 'lockout_notify' ) );
|
|
|
12 |
$email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
13 |
|
14 |
$admin_notify_email = $this->get_option( 'admin_notify_email' );
|
73 |
<th scope="row"
|
74 |
valign="top"><?php echo __( 'Notify on lockout', 'limit-login-attempts-reloaded' ); ?></th>
|
75 |
<td>
|
|
|
|
|
|
|
|
|
|
|
76 |
<input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?>
|
77 |
value="email"/> <?php echo __( 'Email to', 'limit-login-attempts-reloaded' ); ?>
|
78 |
<input type="email" name="admin_notify_email"
|
156 |
<th scope="row"
|
157 |
valign="top"><?php echo __( 'Setup Code', 'limit-login-attempts-reloaded' ); ?></th>
|
158 |
<td>
|
159 |
+
<input type="text" class="regular-text" id="limit-login-app-setup-code" value="<?php echo ( !empty( $app_setup_code ) ) ? esc_attr( $app_setup_code ) : ''; ?>">
|
160 |
<button class="button" id="limit-login-app-setup"><?php echo __( 'Submit', 'limit-login-attempts-reloaded' ); ?></button>
|
161 |
<span class="spinner llar-app-ajax-spinner"></span><br>
|
162 |
<span class="llar-app-ajax-msg"></span>
|
244 |
$app_ajax_msg.text('').removeClass('success error');
|
245 |
$app_ajax_spinner.css('visibility', 'visible');
|
246 |
|
247 |
+
var setup_code = $('#limit-login-app-setup-code').val();
|
248 |
|
249 |
$.post(ajaxurl, {
|
250 |
action: 'app_setup',
|
251 |
+
code: setup_code,
|
252 |
sec: '<?php echo esc_js( wp_create_nonce( "llar-action" ) ); ?>'
|
253 |
}, function(response){
|
254 |
|