WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
Banned users not updating (13 posts)

  1. Wanderlusters
    Member
    Posted 3 months ago #

    Contrary to most users I actually quite like the new update, especially the updated nginx integration.

    One problem I have noticed is that when a function (e.g. brute force protection) locks out an IP the required number of times to qualify for a ban, the IP is not added to the banned users list.

    For example this evening I've had 27 email notifications that the same IP has been locked out. The plugin is set to ban an IP after 3 lockouts yet after 27 lockouts it's not in the ban list.

    It would be great if this could be fixed as it will mean auto-banning when you team it with an nginx reload cronjob every so many minutes.

    https://wordpress.org/plugins/better-wp-security/

  2. bstritesky
    Member
    Posted 3 months ago #

    I'm seeing this too; I was on 4.0.5. Is this fixed in 4.0.8?

  3. Wanderlusters
    Member
    Posted 3 months ago #

    Nope. Nor 4.0.10.

  4. Wanderlusters
    Member
    Posted 3 months ago #

    Still not fixed in 4.0.12.

  5. bstritesky
    Member
    Posted 3 months ago #

    Has anyone verified if this is fixed in 4.0.16? I see some mention of banned users in the 4.0.14 update, but want to hear confirmation before updating all my sites.

  6. Wanderlusters
    Member
    Posted 3 months ago #

    Not yet but I will be testing shortly.

  7. Wanderlusters
    Member
    Posted 3 months ago #

    Nope it's still not working in v4.0.21

  8. Wanderlusters
    Member
    Posted 3 months ago #

    Devs could you please look at this issue?

  9. bstritesky
    Member
    Posted 3 months ago #

    This is indeed ridiculous--a most basic protection feature not working. This was reported in an official bug report sent to the dev team over a week ago.

    Oh well. I'm still happy with my non-iThemes version of this plugin!

  10. Wanderlusters
    Member
    Posted 3 months ago #

    Not fixed in v4.0.25.

  11. Matt
    Member
    Posted 3 months ago #

    I'm experiencing this issue as well in 4.0.25.

    Screenshot of my settings: http://www.screencast.com/t/3AAHSoknZ3n

    Received the following email at 1:22 a.m., 1:31 a.m., 1:39 a.m., 1:55 a.m. and 2:11 a.m.:

    Dear Site Admin,
    A host, xxx.xxx.xxx.xxx, has been locked out of the WordPress site at http://xxxx due to too many bad login attempts.
    The host has been locked out until 2014-04-18 02:27:37 .
    *This email was generated automatically by iThemes Security. To change your email preferences please visit the plugin settings.

    Confirmed in the banned hosts section that the IP address was not added.

  12. gyarnold
    Member
    Posted 3 months ago #

    Not fixed v4.0.27.

    Checked "Enable ban users" added IP's to Ban Hosts box. IP addresses where NOT added to .htaccess file. Went back into plugin and "Enable ban users" was unchecked, but IP addresses still in Ban Hosts box.

  13. Jason Kemp
    Member
    Posted 2 days ago #

    Auto blacklisting or banning of users by IP number still does not appear to be working in version 4.2.15. ( also just noticed this was logged for an earlier version of WordPress) - all of the sites I look after are on 3.9.1

    Would someone from iThemes be able to provide a link to any reasons why this might be happening. It is a key reason that I use the plugin but since that stopped working some months ago I am now looking elsewhere.

    In the changelog for 4.2.15 it says / but I can't see any difference across multiple sites on multiple hosts.

    "Fixed an issue that was preventing an IP from being permanently banned due to too many lockouts"

    Has anyone else noticed an improvement at all. To me it looks like the auto blacklist rule is still not working.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.