WordPress.org

Ready to get started?Download WordPress

Forums

All In One WP Security & Firewall
Login lockdown blocks access from WordPress.com services (7 posts)

  1. Samuel Aguilera
    Member
    Plugin Contributor

    Posted 8 months ago #

    Hi!

    I have detected (in at least two sites) that when the login lockdown protection is active, WordPress.com services that needs access to the site (some of them provided by Jetpack) are blocked.

    It's weird, but they get blocked as if they tried to login using the username 'username'

    Below you can see some IP examples, so you can check that they're legitimate IP addresses:

    66.155.8.206
    192.0.81.121

    This issue it's a bit weird because WordPress.com services uses XML-RPC protocol, but somehow the login lockdown protection catch the requests and blocks them.

    PS. The Pingback Protection is disabled.

    http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. Samuel Aguilera
    Member
    Plugin Contributor

    Posted 8 months ago #

    No comments for this? :(

  3. wpsolutions
    Member
    Plugin Author

    Posted 8 months ago #

    they get blocked as if they tried to login using the username 'username'

    Are locked out entries being shown in the table on the login lockdown page?

  4. Samuel Aguilera
    Member
    Plugin Contributor

    Posted 8 months ago #

    Yes

  5. mra13
    Member
    Plugin Author

    Posted 8 months ago #

    Login login lockdown feature will basically lockout any bot. Unless a human is accessing your login form, it will block it. If you do need a bot to be able to acccess your login form then don't use the login lockdown feature. Do you see this issue when you turn off the login lockdown feature?

    Did you do some debugging on your site so see what jetpack is doing to trigger it?

  6. Samuel Aguilera
    Member
    Plugin Contributor

    Posted 8 months ago #

    I don't need any bot to use the login form. Jetpack doesn't use the login form for anything. It uses XML-RPC protocol.

    Due to the fact that AIOWPS is messing with the authentication system, replacing wp_authenticate_username_password core function with your own function, maybe you should consider this as a possible bug.

    That's why I'm reporting this to you.

    But if you feel that there's nothing to check at your side... It's ok, simply tell me please.

    I have been using other security plugins for login protection and never happen this.

  7. mra13
    Member
    Plugin Author

    Posted 8 months ago #

    I understand what you are saying but we had to override it so we could offer all the other login lockdown features. There is no other way (at this stage) to use the core function and offer all the lockdown features it does. I will try to setup jetpack on a site and do some investigation.

Reply

You must log in to post.

About this Plugin

About this Topic