Email login triggering a lockout?

  • bphilly

    (@bphilly)


    9 years, 6 months ago

    I’m wondering if I am missing a setting somewhere, but it appears when users on my site log in using their email address as opposed to username, they are triggering a lockdown event. I have login lockdown enabled (obviously) and although the users do successfully login in (via email), a record appears in the Failed Login page, showing their email address, with a userid of 0(zero). To me it appears as if the email lookup doesn’t find a matching userid. If a user logs in using their username, there is no failed login record.

    So, either way, they can log in, but another rule I have set up could lock out their IP address.

    I do also run S2Member, although I see this when that plugin is disabled in my test environment.

    I’m running WP 4.6.1 and AIO WP Security 4.1.9.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator t-p

    (@t-p)

    9 years, 6 months ago

    Try:
    – deactivating ALL (yes all) plugins temporarily to see if this resolves the problem (plugin functions can interfere). If this works, re-activate them individually (one-by-one) to find the problematic plugin(s).
    resetting the plugins folder by FTP. Also remember to deactivate any plugins in the mu-plugins folder (if you have created such folder). The easiest way is to rename that folder to mu-plugins-old.
    – switching to the unedited default Theme (Twenty Sixteen) for a moment using the WP dashboard to rule out any theme-specific issue (theme functions can interfere like plugins).

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    9 years, 6 months ago

    if it turns out that AIO WP Security is the culprit, please post an issue here:
    https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall

    Thread Starter bphilly

    (@bphilly)

    9 years, 6 months ago

    Thanks for the quick replies! It will take some time for me to test this, but at least I have a test server running.

    We have 16 plugins installed, and are running Divi (child) theme.

    Moderator t-p

    (@t-p)

    9 years, 6 months ago

    If it turnout to be your current theme, then contact this theme’s developers here:
    http://www.elegantthemes.com/forum/

    Thread Starter bphilly

    (@bphilly)

    9 years, 6 months ago

    I’ve done some testing, and with no plugins except AOI Security (renamed the plugins directory, added the AIO plugin only), and running the 2016 theme, using the basic /wp-login screen, I still see the same results if I have the AIO setting “instantly lockout login attempts with usernames which do not exist on your system” whenever I log in using an email address. If I disable that setting, I do not see the IP locking.

    I believe this is a bug. It appears to look for userid = 0 for email logins, and then locks the IP and enters it in the failed logins table, even though the login succeeds. To truly test this, I could start with a new WordPress install from scratch, but I simply don’t have the time to do that now. I’ll post the issue as mentioned above.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Email login triggering a lockout?’ is closed to new replies.