Block Warning

Hi Joyce,

I think the exact message was:

Once you logout, you will be unable to login again because the number of login attempts reaches the limit. Please execute “Clear cache” on Statistics tab to prevent locking yourself out.

Theoretically, it could happen if your IP address was assigned dynamically. Please try to find your IP address on Logs tab, especially in “Login form” and “XML-RPC“. You can easily find out to put your IP address into “Filter logs” text field.

Hi Joyce,

I cleared the cache but my own ip-address remains in Statistics of cache.

This is normal. Right after you cleaned the cache, a new cache immediately would be created but the failed login counter would be set to zero. So you don’t have to clear cache every time you login.

Why not adding a whitelist to the plugin in which one can put his own ip-address so that his own ip-address never will be blocked or locked in.

Because your IP address was cached as login counter reached to the limit which is 5 by default.

Whitelist of extra IP addresses prior to country code (CIDR)

That’s right. The priority of these rules are:

(low) Country code < Whitelist of extra IP address < Limit of login attempts (high)

Actually this plugin has 7 rules to protect your site. The above is one of these.

I assume the IP address assigned for you is not your own but would be time-shared with someone. Of course if you have a fixed IP address and you directly login to your server (not via ISP), then login fail counter would never reach to the limit unless you fails to login.

But imagine, if the IP address is not only for yours, someone who has the same IP by chance can attempt to login so many times. This is the limitation of this plugin based on the IP address.

So if you encounter this issue so often, I do recommend to disable “Max number of failed login attempts per IP address” at least, and use other Limit Login Attempts plugin.

There’s another story. If you use Mobile Apps for WordPress and occasionally fails to connect to your site, then the same issue would happen. Because mobile apps is authenticated via XML-RPC. So if it fails, then the login error counter in cache would be counted up. Please keep this in mind.

Again, please consider to another plugin if you have this issue so often.

Thanks for your understanding in advance.

• This reply was modified 9 years, 2 months ago by tokkonopapa.
• This reply was modified 9 years, 2 months ago by tokkonopapa.

Dear all,

The typical use case of “Whitelist of extra IP addresses prior to country code (CIDR)” is as follows:

If you live in US, but want to block access to your back-end coming from US, you can select “Whitelist” as “Matching rule” and put “XX” into your “Whitelist of country code (ISO 3166-1 alpha-2)“.

There’s no country code “XX”. So if you put your IP address into “Whitelist of extra IP addresses prior to country code (CIDR)“, your site would be very strong against the attacks.

That’s my design.

If someone have any idea about this design, I love to hear that.

Thanks.