Your report of the "406 Not Acceptable" is unusual. Login Security Solution does not produce such a result. Do you have some other plugins installed? Have you
grep'ed your code base for
As far as LSS blocking your login attempts, logging in with an attacked user name should only put you through the password reset process once. During that process, LSS stores the IP address you're coming in from and puts it on a white list. But that whitelist doesn't get used if the IP address is the same as the "attacker's."
This can happen for a few reasons:
* You're the "attacker" (due to testing, forgetting your password, etc)
* Your web server is behind a proxy
* You've got malware on your computer
* You're on some network (university, corporate, etc) that says you and the "attacker" are coming from the same IP. The "attacker" could be some other user(s) forgetting their passwords.
The way to help figure out what's happening is to examine the