If you manage a WordPress Multisite network, securing your sites against brute-force attacks is essential. Limit Login Attempts Reloaded (LLAR) is fully compatible with multisite configurations, but its functionality depends on whether you install the plugin at the subsite level or the network level.
This guide explains how LLAR works within a WordPress Multisite setup and how to configure it for optimal security.
What Is WordPress Multisite?
WordPress Multisite allows multiple websites to operate under a single WordPress installation. These websites can be structured in two ways:
- Subdomains (e.g.,
site1.example.com, site2.example.com) - Subfolders (e.g.,
example.com/site1, example.com/site2)
Limit Login Attempts Reloaded can be installed at either the individual subsite level or the network level, with different configurations depending on the setup.
Installing Limit Login Attempts Reloaded in a Multisite
Installed at the Subsite Level
In this setup, the plugin is installed and managed separately for each subsite.
Key Features:
- Can be uninstalled on a per-site basis.
- Each subsite has its own security settings, logs, and statistics.
- Licensing and cloud settings depend on the multisite structure.
Subdomain Multisite Mode (site1.example.com)
- Cloud License: Must be purchased separately for each subsite or under an agency license.
- Stats and Logs: Managed independently for each subsite.
- Configuration: Each site maintains its own settings.
Subfolder Multisite Mode (example.com/site1)
- Cloud License: One license covers all subsites.
- Stats and Logs: Shared across all subsites.
- Configuration: Each subsite has independent settings since they are stored locally.
Best for: Site owners who need flexibility and control over security settings at the subsite level.
Installed at the Network Level
When LLAR is installed at the network level, it applies to all subsites in the network.
Key Features:
- Cannot be uninstalled by individual subsites.
- By default, settings are controlled by the super-admin in the network dashboard.
- Subsites can be allowed to manage their own settings if the "Let network sites use their own settings" option is enabled.
Cloud Licensing in Network Mode
- A single license applies to all subsites.
- All cloud requests originate from the main network domain, whether using subfolders or subdomains.
- If a subsite switches to local configuration, it must manually enable cloud mode, as it will default to local settings instead of inheriting from the network.
Best for: Super-admins who want a centralized security system for all subsites without requiring individual site management.
Choosing the Right Setup
| Feature | Subsite-Level Install | Network-Level Install |
|---|---|---|
| Can be uninstalled per subsite? | Yes | No |
| Separate security settings per site? | Yes | Optional (if enabled) |
| Cloud license | Per site (subdomains) / One for all (subfolders) | One for all |
| Stats and logs | Separate per site | Shared across network |
| Best for | Independent site security | Centralized security management |
For small networks where individual site owners need control, installing at the subsite level may be the best option. For larger networks requiring uniform security policies, installing at the network level is recommended.
Securing Your Multisite Network
Limit Login Attempts Reloaded provides strong protection against unauthorized login attempts. Whether installed at the subsite or network level, it ensures that each site in your multisite network remains secure from brute-force attacks.
To enhance security, install Limit Login Attempts Reloaded and configure it according to your multisite structure.
About the Author
Greg Fisher has over 20 years of digital marketing experience. Along with Alex Benko, Greg’s has owned and operated several companies including an online travel agency, tour reservation software, and web host. Greg’s responsibilities at LLAR include marketing and user expansion.
Fill out this form to access Demo site
How To Activate Premium
