Plugin Author
Pascal
(@iqpascal)
Hi,
Where do you see these login attempts?
Thread Starter
ajcke
(@ajcke)
I use another plugin called Limit Login Attempts which logs each lock out. Here are the last few that have been logged since the plugin was installed and configured. Fortunately none of these users exist in our WordPress.
142.4.19.96 Administrator (1 lockout)
70.208.197.175 (1 lockout)
37.239.46.50 admin (1 lockout), oh (1 lockout)
46.119.116.93 admin (1 lockout)
176.102.37.85 admin (5 lockouts)
173.224.218.240 ardin (1 lockout)
105.227.144.16 admin (1 lockout)
108.52.210.24 admin (1 lockout)
42.100.79.248 admin (1 lockout)
175.141.116.187 admin (1 lockout)
176.126.225.242 admin (1 lockout)
171.97.80.245 admin (1 lockout)
171.97.79.180 admin (1 lockout)
171.6.146.18 admin (1 lockout)
109.86.15.95 admin (32 lockouts)
203.62.1.79 admin (1 lockout)
181.163.35.132 admin (1 lockout)
134.249.48.189 admin (4 lockouts)
95.129.166.184 admin (2 lockouts)
213.167.38.243 Admin (1 lockout)
46.25.29.221 Admin (1 lockout)
85.236.167.210 Admin (1 lockout)
98.16.85.58 (1 lockout)
94.249.236.117 admin (1 lockout)
213.208.191.70 Administrator (1 lockout)
217.79.62.98 Administrator (1 lockout)
36.46.227.246 admin (1 lockout)
1.84.175.205 admin (1 lockout)
46.1.3.150 admin (1 lockout)
213.136.92.141 http://amihealthc (3 lockouts), are.ae/ (1 lockout)
5.61.38.192 admin (2 lockouts)
204.210.236.183 (1 lockout)
Plugin Author
Pascal
(@iqpascal)
Hi,
This plugin probably loads before iQ Block Country blocks the attempts. You can try to deactivate iQ Block Country and reactivate it again. It will try to become the first loaded plugin.
Thread Starter
ajcke
(@ajcke)
Thanks. I’ll give it a try. Is there a way to test?
Plugin Author
Pascal
(@iqpascal)
If the iQ Block Country plugin loads first you should see the attempts being blocked on the statistics page.
Thread Starter
ajcke
(@ajcke)
This may have worked. The last failed login attempt from outside this country was 3 days ago. What statistics page are you referring too?
I notice this too, as I get log results from Sucuri or WordFence. Both report IPs that should never even be able to attempt to login.
In some cases, I see from the IQ log that users from these countries are being blocked, but at other times, other IPs from the same countries are able to attempt a login.
No intent to hijack the thread but just thought I’d mention that I’m having the same issue.
I’ve installed IQ and configured to block access to the backend for all countries except the U.S. I was hoping this would cut down on the many brute-force login attempts we get daily as most of them seem to be coming from Europe and Asia.
So far Wordfence has been showing the same amount of lockouts occurring due to invalid logins as before I installed. Almost all IPs are still from outside the U.S.
I’ve tried deactivating and reactivating with no change. Anything else I might try?
Thread Starter
ajcke
(@ajcke)
I’m still having the same issue as well.
