Support » Plugin: iThemes Security (formerly Better WP Security) » Banned users not updating

  • Contrary to most users I actually quite like the new update, especially the updated nginx integration.

    One problem I have noticed is that when a function (e.g. brute force protection) locks out an IP the required number of times to qualify for a ban, the IP is not added to the banned users list.

    For example this evening I’ve had 27 email notifications that the same IP has been locked out. The plugin is set to ban an IP after 3 lockouts yet after 27 lockouts it’s not in the ban list.

    It would be great if this could be fixed as it will mean auto-banning when you team it with an nginx reload cronjob every so many minutes.

Viewing 12 replies - 1 through 12 (of 12 total)
  • I’m seeing this too; I was on 4.0.5. Is this fixed in 4.0.8?

    Nope. Nor 4.0.10.

    Still not fixed in 4.0.12.

    Has anyone verified if this is fixed in 4.0.16? I see some mention of banned users in the 4.0.14 update, but want to hear confirmation before updating all my sites.

    Not yet but I will be testing shortly.

    Nope it’s still not working in v4.0.21

    Devs could you please look at this issue?

    This is indeed ridiculous–a most basic protection feature not working. This was reported in an official bug report sent to the dev team over a week ago.

    Oh well. I’m still happy with my non-iThemes version of this plugin!

    Not fixed in v4.0.25.

    I’m experiencing this issue as well in 4.0.25.

    Screenshot of my settings:

    Received the following email at 1:22 a.m., 1:31 a.m., 1:39 a.m., 1:55 a.m. and 2:11 a.m.:

    Dear Site Admin,
    A host,, has been locked out of the WordPress site at http://xxxx due to too many bad login attempts.
    The host has been locked out until 2014-04-18 02:27:37 .
    *This email was generated automatically by iThemes Security. To change your email preferences please visit the plugin settings.

    Confirmed in the banned hosts section that the IP address was not added.

    Not fixed v4.0.27.

    Checked “Enable ban users” added IP’s to Ban Hosts box. IP addresses where NOT added to .htaccess file. Went back into plugin and “Enable ban users” was unchecked, but IP addresses still in Ban Hosts box.

    Auto blacklisting or banning of users by IP number still does not appear to be working in version 4.2.15. ( also just noticed this was logged for an earlier version of WordPress) – all of the sites I look after are on 3.9.1

    Would someone from iThemes be able to provide a link to any reasons why this might be happening. It is a key reason that I use the plugin but since that stopped working some months ago I am now looking elsewhere.

    In the changelog for 4.2.15 it says / but I can’t see any difference across multiple sites on multiple hosts.

    “Fixed an issue that was preventing an IP from being permanently banned due to too many lockouts”

    Has anyone else noticed an improvement at all. To me it looks like the auto blacklist rule is still not working.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Banned users not updating’ is closed to new replies.