Descrizione
Limit Login Attempts Reloaded stops brute force attacks and optimizes your site performance by limiting the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages. This is the only plugin you’ll need for your login security needs with over 2 million downloads worldwide.
This plugin will block an Internet address (IP) and/or username from making further attempts after a specified limit on retries has been reached, making a brute force attack difficult or impossible.
WordPress by default allows unlimited login attempts. This can lead to passwords being easily cracked via brute force.
Limit Login Attempts Reloaded
Limit Login Attempts Reloaded Premium Cloud App
Enables cloud protection for Limit Login Attempts Reloaded plugin and enhances your login security. It comes with all the great features you’ll need to stop hackers and bots from brute force attacks. The cloud app offers several features including advanced protection out of the box, and the ability for site admins and agencies to sync safelists/blocklists across multiple domains. Click here to activate the cloud app for the best WordPress security plugin now!
Caratteristiche:
- Limita il numero dei tentativi ripetibili quando si tenta l’accesso (per ciascun IP).
- Tempi di blocco configurabili.
- Informa l’utente, nella pagina di autenticazione, sui tentativi rimanenti o sul tempo di blocco.
- Notifica via email dei tentativi bloccati.
- Log dei tentativi bloccati.
- Safelist e blocklist di IP e nomi utente (con supporto a range di IP).
- Compatibilità con Sucuri.
- Compatibilità con Wordfence.
- Ultimate Member compatibility.
- Protezione del gateway XMLRPC.
- Protezione della pagina di accesso di Woocommerce.
- Compatibilità con Multi-site con impostazioni MU aggiuntive.
- Conforme al GDPR.
- Supporto a origini IP personalizzate (Cloudflare, Sucuri, ecc.)
Caratteristiche (App cloud premium):
- Performance Optimizer – Brute force attacks absorbed in the cloud (Up to 100k requests monthly).
- Throttling – Intervalli di blocco più lunghi ogni volta che un malintenzionato/bot prova ad accedere senza successo
- Backup automatici di tutti i dati
- Blocchi e sblocchi intelligenti degli IP – Assicurati che i legittimi IP siano permessi in modo automatico.
- Blocchi sincronizzati – I blocchi possono essere condivisi tra più domini.
- Safelist e blocklist sincronizzate – Safelist e blocklist possono essere condivise tra più domini.
- Supporto premium – Ottieni risposte in 24 ore nel nostro forum di supporto.
- Log dei blocchi migliorato – Un log dei blocchi con caratteristiche aggiuntive
- Download in formato CSV dei dati degli IP
- Supporta range IPV6 per le safelist e le blocklist
- Sblocca l’amministratore bloccato – Sblocca facilmente tramite il cloud l’amministratore bloccato.
Stai aggiornando dal precedente plugin Limit Login Attempts?
- Vai nella sezione Plugin del backend del tuo sito.
- Rimuovi il plugin Limit Login Attempts.
- Installa il plugin Limit Login Attempts Reloaded.
Tutte le tue impostazioni rimarranno intatte!
Molte lingue sono attualmente supportate nel plugin Limit Login Attempts Reloaded ma diamo il benvenuto ad altre.
Aiutaci a portare Limit Login Attempts Reloaded a più paesi.
Traduzioni: bulgaro, portoghese brasiliano, catalano, cinese (tradizionale), ceco, olandese, finlandese, francese, tedesco, ungherese, norvegese, persiano, rumeno, russo, spagnolo, svedese, turco e italiano
Il plugin usa soltanto azioni e filtri standard.
Basato sul codice originale del plugin Limit Login Attempts di Johan Eenfeldt.
Linee guida del brand
Limit Login Attempts Reloaded™ è un marchio registrato di Atlantic Silicon Inc. Se scrivi qualcosa sul plugin, assicurati di usare Reloaded dopo Limit Login Attempts. Limit Login Attempts è il vecchio plugin.
* Limit Login Attempts Reloaded (corretto)
* Limit Login Attempts (sbagliato)
Screenshot
FAQ
-
Cosa faccio se tutti gli utenti vengono bloccati?
-
Se usi un hosting moderno, è probabile che il tuo sito usi un proxy domain service come CloudFlare, Sucuri, Nginx, ecc. Questi sostituiscono l’indirizzo IP del tuo utente con il loro. Se il server dove gira il tuo sito non è configurato in modo appropriato (questo accade spesso), tutti gli utenti avranno lo stesso indirizzo IP. Ciò si applica anche ai bot e ai malintenzionati. Perciò bloccare un utente significherà bloccare tutti. Se il plugin non usa la nostra Cloud App, puoi correggere la situazione usando l’impostazione Origini IP affidabili. Il servizio in cloud riconosce in modo intelligente le origini IP non standard e le gestisce in modo corretto, anche se il tuo hosting provider non lo fa.
-
Quali impostazioni dovrei usare nel plugin?
-
Le impostazioni sono spiegate in modo molto dettagliato nel plugin. Se non sei sicuro, usa le impostazioni predefinite, considerato che sono quelle raccomandate.
-
Per opzione predefinita, ti sarà chiesto di copiare e incollare manualmente le liste in ogni sito. Con il servizio premium, i siti sono raggruppati all’interno dello stesso account privato nel cloud. Ogni sito all’interno di quel gruppo può essere configurato per la condivisione dei suoi blocchi e delle liste di accesso con gli altri membri del gruppo. L’impostazione si trova all’interno dell’interfaccia del plugin. Le opzioni predefinite sono raccomandate.
-
Consulta questo link: https://www.limitloginattempts.com/resources/
Recensioni
Contributi e sviluppo
“Limit Login Attempts Reloaded” è un software open source. Le persone che hanno contribuito allo sviluppo di questo plugin sono indicate di seguito.
Collaboratori“Limit Login Attempts Reloaded” è stato tradotto in 33 lingue. Grazie ai traduttori per i loro contributi.
Traduci “Limit Login Attempts Reloaded” nella tua lingua.
Ti interessa lo sviluppo?
Esplora il Codice segui il Repository SVN iscriviti al Log delle Modifiche. Puoi farlo tramite RSS con un lettore di feed.
Changelog (registro delle modifiche)
2.25.18
- Fixed errors occurring in situations where two versions of the plugin are installed (which should not normally happen).
2.25.17
- Refactoring.
- Server load reducing optimization.
2.25.16
- Double slashes in paths removed.
- Better handling of cloud response codes.
2.25.15
- Error messages logic fixed.
2.25.14
- Multisite support improved.
- CSS outside of the plugin issue fixed.
- Better number formatting on the dashboard.
- Lockout email template updated.
2.25.13
- Ultimate Member compatibility.
- Fixed conflicting URL parameters in some rare cases.
- Updated attempts counter logic.
2.25.12
- Fixed IPv4 validation when passed with a port number.
- Fixed texts and translations.
2.25.11
- PHP 8 compatibility fixed.
- Logs loading issue fixed.
- Help and Extensions tabs added.
- Notification about auto updates added.
- Displaying of plugin version added.
- Text changes made.
2.25.10
- Tested with PHP 8.
- Small styles refactoring.
- Fixed a rare issue with events log not being displayed correctly.
- Chart library updated.
2.25.9
- Welcome page replaced with a modal.
2.25.8
- Email text, links updated.
2.25.7
- Country flags added to log.
- Refresh button added to log.
- Email text updated.
2.25.6
- Email links updated.
2.25.5
- Fixed Woocommerce integration.
- Updated some interface links.
2.25.4
- Fixed session error in rare cases.
- Access rules explained.
- Improved session behavior on the login page.
- Fixed warning on some GoDaddy installations.
2.25.3
- Improved compatibility with WordFence.
- Better handling of HTTP_X_FORWARDED_FOR on Debug tab.
- Added option to hide warning badge.
2.25.2
- Security indicator fixed for multisite.
2.25.1
- Added setting to turn the dashboard widged off.
- The widget is visible to admins only.
2.25.0
- Dashboard widged added.
- Security indicator added.
2.24.1
- Fixed E_ERROR occurring in rare cases when the log table is corrupted.
2.24.0
- Protection increased: bots can’t parse lockout messages anymore.
2.23.2
- Cloud: better unlock UX.
- Litle cleanup.
2.23.1
- Added infinite scroll for cloud logs.
2.23.0
- Reduced plugin size by removing obsolete translations.
- Cleaned up the dashboard.
- Cloud: added information about auto/manually-blocked IPs.
- GDPR: added an option to insert a link to a Privacy Policy page via a shortcode, clarified GDPR compliance.
2.22.1
- IP added to the email subject.
2.22.0
- Added support of CIDR notation for specifying IP ranges.
- Texts updated.
- Refactoring.
2.21.1
- Fixed: Uncaught Error: Call to a member function stats()
- Cloud API: added block by country.
- Refactoring.
2.21.0
- GDPR compliance: IPs obfuscation replaced with a customizable consent message on the login page.
- Cloud API: fixed removing of blocked IPs from the access lists under certain conditions.
- Cloud API: domain for Setup Code is taken from the WordPress settings now.
2.20.6
- Multisite tab links fixed.
2.20.5
- Option to show and hide the top-level menu item.
2.20.4
- Sucuri compatibility verified.
- Wordfence compatibility verified.
- Better menu navigation.
- Timezones fixed for the global chart.
2.20.3
- More clear wording.
- Cloud API: fixed double submit in the settings form.
- Better displaying of stats.
2.20.2
- Updated email text.
2.20.1
- New dashboard more clear stats.
2.20.0
- New dashboard with simple stats.
2.19.2
- Texts and links updated.
2.19.1
- Welcome page.
- Image and text updates.
2.19.0
- Refactoring.
- Feedback message location fixed.
- Text changes.
2.18.0
- Cloud API: usage chart added.
- Text changes.
2.17.4
- Missing jQuery images added.
- PHP 5 compatibility fixed.
- Custom App setup link replaced with setup code.
2.17.3
- Plugin pages message.
2.17.2
- Lockout notification refactored.
2.17.1
- CSS cache issue fixed.
- Notification text updated.
2.17.0
- Refactoring.
- Email text and notification updated.
- New links in the list of plugins.
2.16.0
- Custom Apps functionality implemented. More details: https://limitloginattempts.com/app/
2.15.2
- Alternative method of closing the feedback message.
2.15.1
- Refactoring.
2.15.0
- Reset password feature has been removed as unwanted.
- Small refactoring.
2.14.0
- BuddyPress login error compatibility implemented.
- UltimateMember compatibility implemented.
- A PHP warning fixed.
2.13.0
- Fixed incompatibility with PHP < 5.6.
- Settings page layout refactored.
2.12.3
- The feedback message is shown for admins only now, and it can also be closed even if the site has issues with AJAX.
2.12.2
- Fixed the feedback message not being shown, again.
2.12.1
- Fixed the feedback message not being shown.
2.12.0
- Small refactoring.
- get_message() – fixed error notices.
- This is the first time we are asking you for a feedback.
2.11.0
- Blacklisted usernames can’t be registered anymore.
2.10.1
- Fixed: GDPR compliance option could not be selected on the multisite installations.
2.10.0
- Debug information has been added for better support.
2.9.0
- Trusted IP origins option has been added.
2.8.1
- Extra lockout options are back.
2.8.0
- The plugin doesn’t trust any IP addresses other than _SERVER[“REMOTE_ADDR”] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER[“REMOTE_ADDR”] with wrong IPs which leads to mass blocking of users.
2.7.4
- The lockout alerts can be sent to a configurable email address now.
2.7.3
- Settings page is moved back to “Settings”.
2.7.2
- Settings are moved to a separate page.
- Fixed: login error message. https://wordpress.org/support/topic/how-to-change-login-error-message/
2.7.1
- A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.
2.7.0
-
GDPR compliance implemented.
-
Fixed: ip_in_range() loop $ip overrides itself causing invalid results.
https://wordpress.org/support/topic/ip_in_range-loop-ip-overrides-itself-causing-invalid-results/ -
Fixed: the plugin was locking out the same IP address multiple times, each with a different port.
https://wordpress.org/support/topic/same-ip-different-port/
2.6.3
- Added support of Sucuri Website Firewall.
2.6.2
- Fixed the issue with backslashes in usernames.
2.6.1
-
Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.
-
Added support of IP ranges in white/black lists.
-
Lockouts now can be released selectively.
-
Fixed the issue with encoding of special symbols in email notifications.
2.5.0
- Added Multi-site Compatibility and additional MU settings. https://wordpress.org/support/topic/multisite-compatibility-47/
2.4.0
- Usernames and IP addresses can be white-listed and black-listed now. https://wordpress.org/support/topic/banning-specific-usernames/ https://wordpress.org/support/topic/good-831/
- The lockouts log has been inversed. https://wordpress.org/support/topic/inverse-log/
2.3.0
- IP addresses can be white-listed now. https://wordpress.org/support/topic/legal-user/
- A “Gateway” column is added to the lockouts log. It shows what endpoint an attacker was blocked from. https://wordpress.org/support/topic/xmlrpc-7/
- The “Undefined index: client_type” error is fixed. https://wordpress.org/support/topic/php-notice-when-updating-settings-page/
2.2.0
- Removed the “Handle cookie login” setting as they are now obsolete.
- Added bruteforce protection against Woocommerce login page attacks. https://wordpress.org/support/topic/how-to-integrate-with-woocommerce-2/
- Added bruteforce protection against XMLRPC attacks. https://wordpress.org/support/topic/xmlrpc-7/
2.1.0
- The site connection settings are now applied automatically and therefore have been removed from the admin interface.
- Now compatible with PHP 5.2 to support some older WP installations.
2.0.0
- fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
- fixed the deprecated functions issue
https://wordpress.org/support/topic/using-deprecated-function - Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
- added time stamp to unsuccessful tries on the plugin configuration page.
- fixed .po translation files issue.
- code refactoring and optimization.