It’s not uncommon for GoDaddy hosting customers to contact support because they are not familiar with our plugin, nor do they see it installed on their WordPress website. Yet, they still receive failed login alerts by the plugin. We just want to assure you that the plugin is installed, but it’s not visible since GoDaddy hides it if other security plugins are installed, such as Sucuri.
Here’s how it works. GoDaddy, installs our Limit Login Attempts Reloaded on all of their WordPress sites. It’s a smart thing to do as it protects their customers’ sites against brute force attacks. They however do it using MU plugin approach. MU stands for Must Use and allows admins or hosting providers to install some plugins into an inconspicuous directory wp-content/mu-plugins that an uninitiated user would not even notice.
Let’s install a File Manager plugin. Head over to Plugins and click Add New. Search for File Manager.
Here’s what it looks like:
Click Install Now and then activate it. This will give you a tool to examine your WordPress files. Once File Manager has been installed and activated proceed to clicking on it from the left menu:
You should see a similar screen. Now, it’s a matter of navigating to the correct folder.
Using the File Manager interface drill down to wp-content/mu-plugins/plugins. Sure enough, limit-login-attempts-reloaded IS there!
Now, if you don’t see it under Settings, it’s because GoDaddy has a script to checks to see if Sucuri plugin is installed, which then disables Limit Login Attempts Reloaded. This is probably an old patch when Sucuri was not 100% compatible with our plugin. They since fixed it but GoDaddy didn’t modify their script to not do the check. For that we developed a little patch, which is a file that needs to be copied/uploaded into mu-plugins directory. You can grab it from here.