• … over the last few weeks I received hundreds of these “Site Lockout Notification”

    The problem is that my userid gets locked out even for me! _AND_ because I’m locked out I cannot even unlock myself.

    Why can’t iThemes Security block offenders’ IPs only instead of usernames?

    Pastebin of wp_itsec_lockouts.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hey A1exus,

    I’m sorry you’re running into this issue. It sounds like someone is using your username in an attempt to gain access. The article below will help you get back in.

    http://wordpress.org/support/topic/releasing-ithemes-security-lockouts?replies=2

    Thanks!

    Gerroald

    Thread Starter a1exus

    (@a1exus)

    Thank you for replying to me, and even though it’s obviously important for me to get back to my site, what’s more interesting to me is why:

    Why can’t iThemes Security block offenders’ IPs only instead of usernames?

    Why not block that IP and/or network? I didn’t attempt to log in with a wrong password from my IP, so I should be able to get in without any issues! Your plugin should be smart(er) and, as I said earlier, just block the offender’s IP/network and disallow their access, not mine!

    Does it make any sense?

    Hey A1exus,

    The attack is likely coming from many different IPs, therefore never meeting the lockout requirements you have set. Once you’re back in you can address this one of two ways.

    The first, and recommended, would be to whitelist your IP.

    The second would be to set the “Max Login Attempts Per User” feature to 0 in the Brute Force portion of your settings.

    Thanks!

    Gerroald

    Thread Starter a1exus

    (@a1exus)

    Setting Max Login Attempts Per User to “0” isn’t recommended within the plugin itself:

    The number of login attempts a user has before their username is locked out of the system. Note that this is different from hosts in case an attacker is using multiple computers. In addition, if they are using your login name you could be locked out yourself. Set to zero to log bad login attempts per user without ever locking the user out (this is not recommended)

    I think Brute Force Protection could use some improvements, such as I described earlier: instead of blocking the username globally (from all IPs), why not block that IP (or better, the network) for an extensive period of time, thus preventing future brute force attacks and without any interruption to the legitimate user.

    _THAT_ would make much more sense instead of how it is now! Or am I completely off?
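    To make the trade-off in this exchange concrete, here is a small added model of the two lockout dimensions being discussed. It is illustration code written for this thread, not iThemes Security’s own implementation, and it assumes thresholds of 5 for both counters, that a whitelisted host is exempt from both user and host lockouts, and that “block the network” means rolling host failures up to a /24. The IP addresses are constructed samples from documentation ranges. It reproduces Gerroald’s point (a distributed attack on one username never trips a per-host threshold, so only the per-user lockout fires, against the owner), the whitelist remedy, the “set per-user to 0” remedy with its cost, and the per-network suggestion.

```python
from collections import defaultdict
from ipaddress import ip_network


class LockoutPolicy:
    """Toy model of username- and host-based lockouts (assumed semantics, not the plugin's)."""

    def __init__(self, max_per_user=5, max_per_host=5, whitelist=(), aggregate_network=False):
        self.max_per_user = max_per_user        # 0 disables username lockouts
        self.max_per_host = max_per_host
        self.whitelist = set(whitelist)         # hosts exempt from both lockout kinds
        self.aggregate_network = aggregate_network
        self.user_fail = defaultdict(int)
        self.host_fail = defaultdict(int)
        self.locked_users = set()
        self.locked_hosts = set()

    def host_key(self, ip):
        # Optionally count failures per /24 instead of per single address
        if self.aggregate_network:
            return str(ip_network(f"{ip}/24", strict=False))
        return ip

    def attempt(self, username, ip, password_ok):
        """Returns 'locked', 'ok' or 'fail' for one login attempt."""
        key = self.host_key(ip)
        exempt = ip in self.whitelist
        if not exempt and (key in self.locked_hosts or username in self.locked_users):
            return "locked"
        if password_ok:
            return "ok"
        self.user_fail[username] += 1
        if self.max_per_user and self.user_fail[username] >= self.max_per_user:
            self.locked_users.add(username)
        if not exempt:
            self.host_fail[key] += 1
            if self.host_fail[key] >= self.max_per_host:
                self.locked_hosts.add(key)
        return "fail"


# Constructed sample data: twenty attacking hosts in one /24, and the site owner elsewhere
ATTACKER_IPS = [f"198.51.100.{i}" for i in range(1, 21)]
OWNER_IP = "203.0.113.10"


def run_attack(policy, username="admin", attempts_each=2):
    """Each attacking host makes only a couple of bad attempts on the same username."""
    for ip in ATTACKER_IPS:
        for _ in range(attempts_each):
            policy.attempt(username, ip, password_ok=False)
    return policy


def scenario_default():
    # Per-user lockout fires, no host ever reaches 5 failures: the owner is locked out
    p = run_attack(LockoutPolicy())
    return p.attempt("admin", OWNER_IP, password_ok=True)


def scenario_no_user_lockout():
    # Max Login Attempts Per User = 0: owner gets in, but nothing at all is locked
    p = run_attack(LockoutPolicy(max_per_user=0))
    return p.attempt("admin", OWNER_IP, password_ok=True), len(p.locked_hosts)


def scenario_whitelisted():
    # Owner IP whitelisted: the username lockout still happens but does not apply to them
    p = run_attack(LockoutPolicy(whitelist={OWNER_IP}))
    return p.attempt("admin", OWNER_IP, password_ok=True)


def scenario_network():
    # Roll host failures up to the /24: the attacking netblock is locked, the owner is not
    p = run_attack(LockoutPolicy(max_per_user=0, aggregate_network=True))
    owner = p.attempt("admin", OWNER_IP, password_ok=True)
    attacker = p.attempt("admin", "198.51.100.99", password_ok=True)
    return owner, attacker


if __name__ == "__main__":
    print("default:        ", scenario_default())
    print("per-user = 0:   ", scenario_no_user_lockout())
    print("whitelisted:    ", scenario_whitelisted())
    print("per-/24 lockout:", scenario_network())
```

    The /24 roll-up only helps when the attempts cluster in one netblock, which the later poster’s list of countries suggests is not always the case; whitelisting the owner’s own address is the remedy that works regardless of where the attempts come from.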

    Yup…Helllllllllllooooooo…

    My email notifications are a major nuisance…79 site lockouts in one day? Attacking IPs from Lithuania, Beijing, Amsterdam, Montreal, Paris and a couple from Virginia in the US. WTF? This has been going on for well over a month but yesterday was the worst.

    I do use Brute Force Protection and I do have a zero setting for bad logins, but this is a real nuisance and it does seem that in most of the bad login attempts it’s repeat offenders, primarily from the locales listed above for all 79 yesterday. My vote is for blocking host IPs as well. Maybe, at least, the perps would get tired of trying to hit on my site.

    In the meantime, is there anything that should stop us from changing our log-in user name to something less guessable? I notice the user name log-in attempts tend to run between my domain name and ‘admin’. Only thing is I think that user name is assigned by WordPress or maybe my domain host, I can’t remember, but I don’t think it’s changeable. And anyway, it would still cause all these email notifications to come through.

    Maybe the way to go is to allow us to elect to get a digested summary of all email notifications rather than having each bad attempt sent in an individual email.

    Another question, what if one of these hackers manages to get logged into someone’s site without their knowing? What kind of dastardly deeds do they get up to by logging into other people’s websites? Just curious. I’m pretty damn amazed by the breadth of this global assault on my little old site.

  • The topic ‘Site Lockout Notification’ is closed to new replies.