OUTRAGEOUS!
Anybody in contact with WordPress knows about the LLAR plugin, part of any standard WP installation and endorsed by wp org. LLAR stands for Limit Login Attempts Reloaded.
Look what we found:
Since January '25 we have been keeping an eye on LLAR because we noticed a weird pattern: after each plugin update we got a burst of blocked-login-attempt reports from that plugin, not many, but 10 to 20 for a couple of days, and they came basically from two different /24 networks of the same service provider.
Those IPs were not logged by our web server, so we refined our .htaccess rules: we redirected them to a catcher page and logged everything. The result was interesting: the login attempts reported by LLAR were not in the log.
LLAR's reports include the login name and the source IP. The login name indicates that the attempt was made through wp-login.php, which is the only way the login name can come up.
With the last two upgrades we got 150 to 250 fake attempts reported by this plugin; see their report below. As in all the months before, there is no trace in the server log.
For those who are not into technical details, note that the WordPress CMS runs on web servers with an HTML/PHP/SQL environment; all incoming requests to the site are handled IN THE FIRST PLACE by the server and only then passed through to the WordPress site.
Neither WordPress nor any of its plugins has any knowledge of what happens on the server side before it receives the access request from the server.
The funny part is that, together with the reports, we, as well as you, always get an "invitation" to buy a premium upgrade in order to learn more about the attempts and be safer. You probably already understand what this is about.
So are we dealing with fear-mongering fake reports to trick people into paying for the upgrade?
How far does it go? Does WP get a commission, or how else is it possible that they endorse such a piece of software?
That is the right question to ask.
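The check described above, reconciling what the plugin reports against what the web server actually saw, can be scripted. The following is an added example written for this post, not code from the post's author or from the LLAR project; the access log lines and the plugin report entries are constructed samples, and the script generalizes the post's own check slightly by also counting POSTs to xmlrpc.php, since WordPress accepts credentials there as well as through wp-login.php.

```python
"""Cross-check plugin-reported login attempts against the web server access log.

All inputs below are constructed sample data, not real logs from the post.
"""
import re

# Constructed sample: Apache/nginx "combined" format access log lines.
ACCESS_LOG = """\
203.0.113.10 - - [12/Mar/2025:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2025:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2025:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 8811 "-" "curl/8.0"
198.51.100.8 - - [12/Mar/2025:10:03:15 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
"""

# Constructed sample: entries the way a plugin's "blocked attempts" report lists them.
PLUGIN_REPORT = [
    {"ip": "203.0.113.10", "user": "admin"},
    {"ip": "198.51.100.8", "user": "admin"},
    {"ip": "192.0.2.44", "user": "administrator"},  # no matching request in the access log
]

# Endpoints through which WordPress accepts a username/password.
LOGIN_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")

# Combined log format: client IP, ident, user, [timestamp], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_access_log(text):
    """Yield (ip, method, path) for every line that parses; skip unparsable lines."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), m.group("method"), m.group("path").split("?")[0]


def ips_with_login_posts(text):
    """Set of client IPs that POSTed to a WordPress credential endpoint."""
    return {
        ip for ip, method, path in parse_access_log(text)
        if method == "POST" and path in LOGIN_ENDPOINTS
    }


def reconcile(report, access_log_text):
    """Split plugin-reported IPs into those corroborated by the access log and those not."""
    seen = ips_with_login_posts(access_log_text)
    corroborated = sorted({e["ip"] for e in report if e["ip"] in seen})
    unexplained = sorted({e["ip"] for e in report if e["ip"] not in seen})
    return corroborated, unexplained


if __name__ == "__main__":
    ok, missing = reconcile(PLUGIN_REPORT, ACCESS_LOG)
    print("corroborated by access log:", ok)
    print("reported but absent from access log:", missing)
```

Run it against a real access log by replacing ACCESS_LOG with the file contents for the time window the plugin reports. An IP that the plugin reports but the log does not show is worth a second look before drawing conclusions: a reverse proxy or CDN in front of the server logs the proxy's address unless the real client IP is forwarded, rotated logs may not cover the reported window, and a different log format needs a different regex.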
REMARK: If you are interested, we can provide you FOR FREE and without any condition the working .htaccess rules to protect your site, together with the log-it scenario. You just need to change some lines to match your server name; just send a message and we will send you the files.
Meanwhile, have a look at the last LLAR fake report graph:

Disclaimer: We had the idea to show our good intentions and tried to report the issue to WordPress, but that idea wasn't so good.
There is no suitable contact address on the WP sites.
They just do what they do best: finding a way to say "Core Ineligible Findings are out of scope." and rejecting it.
So we skip that part then.
