Plugin: Login Security Solution » Can't log in after brute force attack

  • Resolved ctortola


    My site suffered a brute force attack and now I cannot log in. LSS successfully blocked the attacker, however, the attacker used “admin” as the username and my username is “admin”. I now try to log in and the following happens:

    1) Log in using my credentials and receive a wrong username error
    2) Log in a second time using my credentials and get a 406 Not Acceptable
    3) After a few minutes, I can get back to the wp-admin screen but end up in a loop of the above steps.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    I think you’ll need to disable that plugin before you can make headway. Since you can’t get into the WordPress dashboard, try these steps.

    1. Using FTP or whatever file management tools your host has provided you with, navigate to the wp-content/plugins directory.
    2. Once there locate and delete the login-security-solution directory. Just that one directory and nothing else.
    3. Try and re-login to your WordPress dashboard.

    If even after that you can’t get in (it may not be the plugin) then give this a read about resetting your password.

    that worked – thanks!

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    Cool! Happy to help. 😉

    Plugin Author Daniel Convissor


    Hi Ctortola:

    Your report of the “406 Not Acceptable” is unusual. Login Security Solution does not produce such a result. Do you have some other plugins installed? Have you grep'ed your code base for 406?

    As far as LSS blocking your login attempts, logging in with an attacked user name should only put you through the password reset process once. During that process, LSS stores the IP address you’re coming in from and puts it on a white list. But that whitelist doesn’t get used if the IP address is the same as the “attacker’s.”

    This can happen for a few reasons:
    * You’re the “attacker” (due to testing, forgetting your password, etc)
    * Your web server is behind a proxy
    * You’ve got malware on your computer
    * You’re on some network (university, corporate, etc) that says you and the “attacker” are coming from the same IP. The “attacker” could be some other user(s) forgetting their passwords.

    The way to help figure out what’s happening is to examine the <prefix>login_security_solution_fail table.
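
One way to carry out the check suggested in the last reply, as an added example that is not part of the thread and not the plugin's own code. It assumes the default `wp_` table prefix and columns named `ip`, `user_login` and `date_failed` (confirm with the `DESCRIBE` first); `203.0.113.10` is a placeholder for your own public IP address.

```sql
-- Added example; not from the thread or the plugin.
-- Assumptions: the table prefix is wp_ and the columns are named
-- ip, user_login and date_failed. Confirm before running the rest:
DESCRIBE wp_login_security_solution_fail;

-- Failures per source address: which addresses generate the failed
-- logins, against how many usernames, and over what period.
SELECT ip,
       COUNT(*)                   AS failures,
       COUNT(DISTINCT user_login) AS usernames_tried,
       MIN(date_failed)           AS first_seen,
       MAX(date_failed)           AS last_seen
FROM wp_login_security_solution_fail
GROUP BY ip
ORDER BY failures DESC
LIMIT 20;

-- Failures recorded against your own address (placeholder value).
-- Rows for usernames you never typed, or at times you were not
-- logging in, mean the "attacker" shares your IP: a shared network,
-- a proxy in front of the server, or malware on your machine.
SELECT user_login, date_failed
FROM wp_login_security_solution_fail
WHERE ip = '203.0.113.10'
ORDER BY date_failed DESC
LIMIT 50;

-- Proxy check: if almost every row carries the same address, the
-- web server is recording the proxy's IP rather than each client's.
SELECT COUNT(DISTINCT ip) AS distinct_ips,
       COUNT(*)           AS total_rows
FROM wp_login_security_solution_fail;
```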

