LLAR Tech

On the login firewall tab there is a Failover link. Click on it and you’ll get to the local interface of the plugin. All your local rules are kept there. You can copy them and then enter in a batch at your billing account of the cloud version of the plugin – you should have received access to it by email.

These lists are an “OR”. Does your server recognize IPs correctly? If you remove all lockouts and keep the safe rule, will the issue repeat?

Thank you for sharing your concerns. Limit Login Attempts Reloaded is trusted by nearly 3 million websites worldwide, including some of the largest WordPress websites in the world. The plugin would not have grown to this level if it were manipulating fake login attempts.

Many website owners are unaware of the sheer volume and frequency of brute-force attacks targeting WordPress sites. It can be surprising when they first see the data, but these attacks are a real and widespread issue that security tools help mitigate.

In rare cases, an incorrect hosting setup can trigger illegitimate login attempts that may appear misleading. We discuss this in detail in our guide here: https://www.limitloginattempts.com/blogs/guides/could-these-failed-login-attempts-be-fake/

If you believe there’s an issue with your setup, we’d be happy to troubleshoot and help you better understand what’s happening. Feel free to reach out to our support team.

Best,
LLAR Team

Make sure the rules you applied actually work. Try to access those pages from a not allowed IP and see if it works. It’s not uncommon that the rules are not complete. Also, make sure you don’t have any other login gateways provided by some plugins like Woo or Ultimate Members.

To avoid security risks you need to ask your hosting provider to fix their Cloudflare IP detection. By adding that header you can fix the issue yourself but if an attacker knows that you use this IP origin, they will be able to spoof IP addresses and attack your site w/o limits. But only if they know. That’s why we don’t recommend doing this. Instead you need to fix the root of the problem with your hosting company.

This is a cache file. After you deleted it, there should be a new file generated. In any case, you should not have any issues.

Yes, delete limit-login-attempts-reloaded-de_DE.l10n.php (but keep a backup) and see if that helps.

Your server is misconfigured. To fix that you need to follow these instructions: https://docs.limitloginattempts.com/plugin-settings/advanced-settings/trusted-ip-origins and enter “HTTP_CF_CONNECTING_IP” into the “Trusted IP Origins” field.

Quel plugin utilisez-vous ?