WordPress.org

Ready to get started?Download WordPress

Forums

  1. hehafner
    Member
    Posted 1 year ago #

    I've got a problem with the plugin locking out people and I can't get them unlocked. The following is a log of all lockouts in the system. I have 23 lockouts and some are legitimate people just having trouble with a page.

    Please advise.

    Heidi Hafner
    Hafner Designs

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Handoko
    Member
    Posted 1 year ago #

    1. You may need to and you should frequently empty the log data. Goto menu > Security > View Logs > enable all the checkboxes > Remove Data. You may also need to Release Lockout.

    2. Make your the IP is not being banned. Goto menu > Security > Ban Users > Ban Hosts > make sure the IP is not listed here > click Save Changes.

    3. Perhaps you need to check your .htaccess file. View this thread for more detail:
    http://wordpress.org/support/topic/how-to-clear-a-specific-blacklisted-ip

  3. hehafner
    Member
    Posted 1 year ago #

    I have cleared the logs, and do every day now...but it does not clear the "All Lockouts" section. Only the Current Lockouts. I never seem to catch the Current Lockouts either.

    I checked the .htaccess and did not find banned IPs ... I did however, find banned users/IPs in the database.

  4. Handoko
    Member
    Posted 1 year ago #

    Hello.

    And yes, I've just checked and now sure there is one more thing you can do. That is

    4. Clear the lockout information inxxxxxx_BWPS_lockouts table.
    For more information please visit:
    http://bit51.com/fixing-better-wp-security-lockouts/

    Something I want to add. After you clear all the lockouts, you may need to inspect why they get lockout. Normally this plugin will lock or ban bad bots and hackers only. If legitimate users being locked, this may mean something wrong in one of the plugin or theme you're using.

  5. hehafner
    Member
    Posted 1 year ago #

    Most of the lockouts is due to 404 pages. The visitors who did multiple tries with gibberish in the URL were permanently banned. Many of the others, depending on the pages tried and number of times they tried were released.

  6. Handoko
    Member
    Posted 1 year ago #

    Normally, legitimate users won't generate 404 errors. If you having too many legitimate users getting 404 errors, it can be one of your plugin or theme you're using is not properly written.

    You may need to study the log file to find information which plugin (or theme) is the culprit. Then you should contact the author, hope it will be fixed on its next release.

    I ever saw some of the plugins I'm using cause 404 errors.

    Also, many caching plugins if not properly configured, can cause 404 errors too.

  7. Handoko
    Member
    Posted 1 year ago #

    Hello.

    You mentioned gibberish, that's what this plugin works. Legitimate users usually visiting your website and pages via links. Typing gibberish in URL will be considered as hacking attempts, because hackers or bad bots might randomly combine some words in the URL, which is similar to that way, for scanning your website vulnerability or attacking.

    If it frequently bans 'real' visitors, you may consider to:
    - Disable Blacklist Repeat Offender
    - Increase Error Threshold
    - Shorten Lockout Period
    - Even disable the 404 Detection

    Many things can cause 404 errors. It can be simple mistake or a hacking attack. You may need to examine the error logs, study the pattern to know what the problem really is.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.