WordPress.org

Ready to get started?Download WordPress

Forums

Stop Spammers
Users being blocked (9 posts)

  1. dbeaty2
    Member
    Posted 4 months ago #

    In the last month many of my registered users are being blocked from logging in to the site. The reason code for most of them in the history shows:

    /wordpress/wp-login.php Cached bad ip

    or

    /wordpress/wp-login.php Akismet

    I don't even know how many legitimate registrations are being denied because of this. What settings should I use to fix this. I am using the latest version of 5.8.1 I think and Askimet. Also using forum bbPress.

    The plugin does not email me when users request Whitelist, so it took a while to figure out they were denied and left the site.

    I turned on Log so I can start seeing what's wrong.

    https://wordpress.org/plugins/stop-spammer-registrations-plugin/

  2. kpgraham
    Member
    Plugin Author

    Posted 4 months ago #

    Akismet stopped working. It is disabled in the current version. Please upgrade. I will be releasing a newer version very soon that has a second chance captcha for those denied access.

    Keith

  3. haggertypat
    Member
    Posted 4 months ago #

    I've experienced this problem as well, but I've also recently starting having users blocked for other, non-akismet reasons that don't make sense (too quick on pages that users take a lot of time on, or on wp-activate.php which should be quick. Any thoughts?

  4. kpgraham
    Member
    Plugin Author

    Posted 4 months ago #

    Once users are in the bad-cache for whatever reason they will be blocked for a few hours. Clear the cache on the history page.

    The latest version offers a second chance captcha for those who are blocked and so far the spambots are no filling it out. The captcha only works for sites that have the gd graphics installed, which is usually standard.

    I had to add the captcha (it is optional, though) for cases where some users are blocked and should not be.

    Keith

  5. dbeaty2
    Member
    Posted 4 months ago #

    I wish I could share my settings somehow, something is amiss, I have the latest version with Captcha, now I am getting 10-20 registrations a day. Not posting spam, but I suspect these registrations are spammers. As before I was getting one a week or so.

    In general - Add Admins to white list checked
    Check credentials on all login attempts: unchecked
    Check IP address checked

    Enable StopForumSpam Lookups: checked
    Wordpress API key entered
    Spam Limits: All Defaults

    Other Checks: Everything here on except
    Check for quick responses (disabled if caching is active): unchecked
    Blacklist searches for WordPress PHP files:unchecked
    Blacklist login attempts using 'admin' userid:unchecked
    Check for TOR:unchecked
    Check IP against the Akismet db on logins unchecked
    Check IP against the Akismet db on comments: unchecked

    Events To Check Everything on except
    Check IP on wp-login.php: (As it was blocking registered users) unchecked
    Don't check plugin forms: unchecked

  6. kpgraham
    Member
    Plugin Author

    Posted 4 months ago #

    Login and Register are the same program: wp-login.php. If you unchecked the wp-login.php box, then there are no checks for registrations. You are getting hits of spammers trying to register because you chose not to check them.

    Keith

  7. kpgraham
    Member
    Plugin Author

    Posted 4 months ago #

    dbeaty2,

    I just added code to check action=register even if you un-checked wp-login, so you can permit logins and still check registrations.

    I think some people will want it the other way around, but I don't have time to add a new option flag.

    I'll put it out tonight as I have to fix another bug and it has to go out soon.

    Keith

  8. dbeaty2
    Member
    Posted 4 months ago #

    I appreciate your plug in and help Keith. I somewhat understand how it works, but I do not have 100% understanding.

    I'm going through and trying to contact all the users that were banned back in Feb, and email them to tell them I am fixing it.

    I am checking the Check IP on login.

  9. kpgraham
    Member
    Plugin Author

    Posted 4 months ago #

    WordPress uses the same program to register as login.

    If you unchecked "Check IP on wp-login.php" then you disabled registration checks as well. By letting users login without checking them, you let spammers try to register without being checked.

    Keith

Reply

You must log in to post.

About this Plugin

About this Topic