WordPress.org

Support

Support » Plugins and Hacks » All Lockouts

All Lockouts

Viewing 6 replies - 1 through 6 (of 6 total)
  • Handoko
    Participant

    @handoko-zhang

    1. You may need to and you should frequently empty the log data. Goto menu > Security > View Logs > enable all the checkboxes > Remove Data. You may also need to Release Lockout.

    2. Make your the IP is not being banned. Goto menu > Security > Ban Users > Ban Hosts > make sure the IP is not listed here > click Save Changes.

    3. Perhaps you need to check your .htaccess file. View this thread for more detail:
    http://wordpress.org/support/topic/how-to-clear-a-specific-blacklisted-ip

    hehafner
    Participant

    @hehafner

    I have cleared the logs, and do every day now…but it does not clear the “All Lockouts” section. Only the Current Lockouts. I never seem to catch the Current Lockouts either.

    I checked the .htaccess and did not find banned IPs … I did however, find banned users/IPs in the database.

    Handoko
    Participant

    @handoko-zhang

    Hello.

    And yes, I’ve just checked and now sure there is one more thing you can do. That is

    4. Clear the lockout information inxxxxxx_BWPS_lockouts table.
    For more information please visit:
    http://bit51.com/fixing-better-wp-security-lockouts/

    Something I want to add. After you clear all the lockouts, you may need to inspect why they get lockout. Normally this plugin will lock or ban bad bots and hackers only. If legitimate users being locked, this may mean something wrong in one of the plugin or theme you’re using.

    hehafner
    Participant

    @hehafner

    Most of the lockouts is due to 404 pages. The visitors who did multiple tries with gibberish in the URL were permanently banned. Many of the others, depending on the pages tried and number of times they tried were released.

    Handoko
    Participant

    @handoko-zhang

    Normally, legitimate users won’t generate 404 errors. If you having too many legitimate users getting 404 errors, it can be one of your plugin or theme you’re using is not properly written.

    You may need to study the log file to find information which plugin (or theme) is the culprit. Then you should contact the author, hope it will be fixed on its next release.

    I ever saw some of the plugins I’m using cause 404 errors.

    Also, many caching plugins if not properly configured, can cause 404 errors too.

    Handoko
    Participant

    @handoko-zhang

    Hello.

    You mentioned gibberish, that’s what this plugin works. Legitimate users usually visiting your website and pages via links. Typing gibberish in URL will be considered as hacking attempts, because hackers or bad bots might randomly combine some words in the URL, which is similar to that way, for scanning your website vulnerability or attacking.

    If it frequently bans ‘real’ visitors, you may consider to:
    Disable Blacklist Repeat Offender
    Increase Error Threshold
    Shorten Lockout Period
    – Even disable the 404 Detection

    Many things can cause 404 errors. It can be simple mistake or a hacking attack. You may need to examine the error logs, study the pattern to know what the problem really is.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘All Lockouts’ is closed to new replies.