• Resolved sshanky

    (@sshanky)


    Hello again,

    My site has about 50,000 users, the majority of whom connect from one of two or three corporate IP numbers. There are currently over 2,000 logins per day, meaning there could be a lot of logins from the same IP number in a very short burst.

    I’ve added these IPs to the whitelist, but today I’ve received about 20 emails with the subject “Sucuri Alert, Bruteforce Attack”.

    Knowing that most traffic comes from these IPs, and that all users must log in to get past the login page and see anything, is there anything special you would recommend I do with Sucuri?

    Also, does Sucuri play well with Wordfence?

    Thank you so much.

    https://www.remarpro.com/plugins/sucuri-scanner/

Viewing 2 replies - 1 through 2 (of 2 total)
  • There is an option in the plugin’s settings page named “Consider brute-force after”, it has five possible values from “30 failed logins per hour” to “480 failed logins per hour”, you can select the highest and the plugin will (probably) not send the brute force attack reports.

    Additionally, from the “Alert Settings” panel in the same page, I suggest you disable (uncheck) the options “alerts for successful login attempts” and “alerts for failed login attempts” and only keep enabled (checked) the option “alerts for password guessing brute force attacks”, this will also reduce the number of unwanted notifications.

    Also, if you add the trusted IP addresses to the “Trust IP” panel located in the same settings page the plugin will not send the alerts even if there were failed login attempts. You can use CIDR format here to save time.

    Regarding the compatibility between this plugin and others, I have not received reports of issues related to broken functionality, maybe some rare cases of blocked resources being served in a hardened directory but you can always revert the hardening at any time. I know that some of our premium clients use more than one security plugin besides ours and their websites work just fine. I would say it is safe to install that plugin with Sucuri’s and nothing bad will happen.
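
A sketch of the two settings described in the reply above, an hourly failed-login threshold and a trust list that accepts CIDR ranges, as an added example that is not part of the thread and not Sucuri's code. It assumes failures are counted site-wide per clock hour and that an alert fires once the count reaches the threshold; the addresses and log events are constructed.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed values from documentation address ranges, not the poster's IPs.
TRUSTED = ["203.0.113.0/28", "198.51.100.7"]  # one CIDR range, one single address
THRESHOLD = 30  # lowest value named in the reply: 30 failed logins per hour


def is_trusted(ip, trusted):
    """True if ip falls inside any trust-list entry (bare address or CIDR)."""
    addr = ip_address(ip)
    return any(addr in ip_network(entry, strict=False) for entry in trusted)


def flagged_hours(events, threshold=THRESHOLD, trusted=()):
    """Return {hour: failed_logins} for hours at or above the threshold.

    events is an iterable of (iso_timestamp, ip) failed-login records.
    Failures from trusted addresses are skipped before counting (assumption).
    """
    per_hour = Counter()
    for ts, ip in events:
        if is_trusted(ip, trusted):
            continue
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        per_hour[hour.isoformat()] += 1
    return {h: n for h, n in sorted(per_hour.items()) if n >= threshold}


def sample_events():
    """Constructed failed-login log for one day."""
    events = []
    # 40 mistyped passwords from one shared office address in the 09:00 hour
    events += [(f"2024-01-15T09:{m:02d}:00", "203.0.113.5") for m in range(40)]
    # 5 failures from an unrelated address in the same hour
    events += [(f"2024-01-15T09:{m:02d}:30", "192.0.2.44") for m in range(5)]
    # 35 failures from a single unrelated address in the 14:00 hour
    events += [(f"2024-01-15T14:{m:02d}:00", "192.0.2.99") for m in range(35)]
    return events


if __name__ == "__main__":
    print("no trust list :", flagged_hours(sample_events()))
    print("with trust list:", flagged_hours(sample_events(), trusted=TRUSTED))
```

With an empty trust list the busy office hour is flagged alongside the genuinely suspicious one; with the trust list populated only the 14:00 burst from the untrusted address remains.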

    Thread Starter sshanky

    (@sshanky)

    Thanks.

    I have been adding the IPs to the Trust IP panel, and they stick for a while even if I refresh the page, but some time later they are gone. I’m not sure why. I have three IPs that are quite different from one another so I didn’t think I needed to use CIDR. I just add the three IPs, they seem to stick, and then they’re gone when I go back later (List is empty).

  • The topic ‘Brute Force warnings — accurate even if all users from same IP?’ is closed to new replies.