Why am I Still Seeing Login Attempts After The IP Was Blocked?

Explore the reasons why you’re still seeing blocked IPs make login attempts.

April 9, 2021 | 4 Min Read

It’s common to see blocked IPs still attempting to log in after being locked out. They are not a threat, and will fail. To stop a malicious IP completely, you would need to filter all traffic going to your website before it reaches your WordPress installation. This is only possible when you use an extra layer of software called a "reverse proxy".

Filter Traffic Using A Reverse Proxy

A reverse proxy is a server that sits between client devices and a web server, forwarding client requests to the web server and returning the server's responses to the clients. Unlike a traditional forward proxy, which is used to protect clients by obscuring their identities, a reverse proxy is positioned to protect servers by handling tasks such as load balancing, SSL encryption, caching, compression, and serving as an additional layer of security.

Key functions of a reverse proxy

  1. Load Balancing: Distributing incoming network traffic across multiple servers to ensure no single server bears too much load, improving performance and redundancy.
  2. SSL Termination: Managing the encryption and decryption of SSL/TLS connections on behalf of the web server, offloading this resource-intensive task from the server.
  3. Caching: Storing copies of static assets like images, stylesheets, and scripts to reduce server load and improve response times.
  4. Security: Acting as a barrier between the internet and web servers, protecting them from direct exposure and potential security threats. It can also perform tasks such as access control, authentication, and protecting against DDoS attacks.
  5. Compression: Compressing outgoing responses to reduce bandwidth usage and improve page load times.

By performing these functions, a reverse proxy enhances the efficiency, security, and scalability of web servers, making them more resilient to high traffic volumes and potential security threats.

Why We Don't Recommend Reverse Proxies

When employing a reverse proxy, every incoming request to your site, including login attempts, is initially directed to the proxy. If the proxy possesses intelligent filtering capabilities, it will reject malicious requests while permitting legitimate ones. Subsequently, the approved requests will reach your website.

There are 2 main problems with reverse proxies

  1. They are difficult to implement: They are usually not easy to implement, and hiring a web developer is required. You will have to give the developer access to your domain management console and/or your hosting account console. Also, you will have to install additional WordPress plugins that will make your site compatible with these proxies.
  2. They are too generic: They are not dedicated to WordPress exclusively; instead, they try to cover all websites. Hence, they have much less information to decide whether a request is bad or not, compared to more focused solutions like Limit Login Attempts Reloaded.

A typical WordPress installation doesn't use a proxy and all requests will reach your website. At this point, the Limit Login Attempts Plugin comes into play. The plugin decides if a request is legit enough to at least let it try to log in, and if it's not, it stops the attempt right away.

Given that all requests reach the site, you may still observe login attempts in your log even after implementing blocks on associated IPs, usernames, or countries. The key lies in the fact that, although all these attempts are denied, they are still logged.
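The difference between the two enforcement points can be seen in a small simulation. This is an added example, a simplified Python model and not the plugin's code or log format; the class names, the documentation-range IPs and the credentials are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Site:
    """Hypothetical stand-in for WordPress plus an application-layer blocklist."""
    blocked_ips: set
    users: dict                                # username -> password (constructed)
    log: list = field(default_factory=list)    # what the site owner sees
    password_checks: int = 0                   # times credentials were evaluated

    def login(self, ip, username, password):
        # The request has already reached the site, so even a denial is recorded.
        if ip in self.blocked_ips:
            self.log.append((ip, username, "denied: IP blocked"))
            return False
        self.password_checks += 1
        stored = self.users.get(username)
        ok = stored is not None and hmac.compare_digest(stored, password)
        self.log.append((ip, username, "success" if ok else "failed"))
        return ok


@dataclass
class ReverseProxy:
    """Hypothetical filter in front of the site: denied traffic never arrives."""
    site: Site
    deny_ips: set
    dropped: int = 0

    def login(self, ip, username, password):
        if ip in self.deny_ips:
            self.dropped += 1      # counted at the proxy, invisible to the site
            return False
        return self.site.login(ip, username, password)


# Constructed sample traffic (documentation IP ranges, made-up credentials).
BLOCKED = {"203.0.113.7"}
USERS = {"editor": "correct-horse"}
REQUESTS = [
    ("203.0.113.7", "admin", "123456"),
    ("203.0.113.7", "admin", "letmein"),
    ("198.51.100.20", "editor", "correct-horse"),
]


def replay(entry_point, requests=REQUESTS):
    """Send every request through the given entry point; return the outcomes."""
    return [entry_point.login(*r) for r in requests]
```

Replaying the requests directly against `Site` leaves three log entries but only one password check, because the two blocked attempts are denied before credentials are evaluated. Behind `ReverseProxy` the same traffic produces a single entry in the site's log.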

Will Upgrading To Premium Fix This Issue?

While opting for the premium upgrade introduces multiple features aimed at protecting your website, it's important to note that unsuccessful login attempts will still be visible in your logs. The premium version efficiently handles denied requests by absorbing them in the cloud, alleviating strain on your servers, particularly during heightened brute force attacks. Additionally, the premium version leverages active databases containing information on malicious IPs, enabling proactive detection and enhancing overall security measures.


In conclusion, effectively preventing login attempts without the aid of an additional layer of protection, such as a "reverse proxy," proves challenging. While the Limit Login Attempts Reloaded plugin serves to deny malicious login attempts, it is important to note that, despite being blocked, these unsuccessful attempts will still be logged. Implementing additional security measures, like a reverse proxy, becomes crucial for a more comprehensive defense against persistent threats sitewide.

About the Author

Greg Fisher is the CMO and co-founder of Limit Login Attempts Reloaded, spearheading the company’s content and user acquisition.