What is locking you out? If its a plugin you can disable the plugins using FTP to rename the plugins folder.
The hacker is trying so many times to log into my website that it locks the website and tells me to try again in 24 hours. It’s now going on a week that I’ve been unable to to log into my website. If there are more than 4 attempted log ins, it locks up and doesn’t allow log ins.
I should say, four attempted log ins that have failed because either the username, password or both are incorrect.
The hacker is trying so many times to log into my website that it locks the website and tells me to try again in 24 hours.
But it shouldn’t be locking your ip address out. What security plugin are you using for brute force protection?
Well it is…I’m having to wait to log in. I’m just using the regular……../wp-admin login. .I don’t know what the brute force plug in is. I will have to figure out what that is and look into it.
There is a security plugin blocking you or its at the hosting level. It is not the standard WordPress install that would do that. So I’ll say again you will have to disable the plugin to regain access. What is the url to the site?
I see what you are referring too Radices. It is a plug in on the website…is there a better security plugin you’ve used?
i It is a plug in on the website…is there a better security plugin you’ve used?
It may be a simple case of learning how to use the one you already have, but your question will be difficult to answer unless you share the name of the plugin you’re currently using with us.
Hi, I will add some opinions to discussion sorry, but if:
1) your webserver (or host) and by extension database is safe to deny all unauthorized access
2) your WordPress installation was done the right way, aka “each user for each specific rights”
3) there is no need for a security plugin
But it’s just my personal opinion, running a few sites for years.
If you or your hosting company are using a reverse proxy server of some sort, your security plug in what ever it is would be seeing all logins coming from the proxy’s IP address.
If that’s the case, and you can’t configure the WordPress or the plug-in to see the real users IP, put a captcha on the login, that will block the majority of brute force attacks which are whats triggering the lockouts.
If you can’t login to disable the security plug-in, just rename it via ftp.
