By the way, currently the Enable Pingback Protection is active.
Hi Zed, did you also enable the following feature Notify By Email: under User Login -> Login Lockdown? If you did then you will receive an e-mail every time someone tries to login and fails. They fail because they don’t know your login details. What other settings do you have enabled under Login Lockdown feature?
Are you also adding these IP addresses to the Blacklist Manager?
currently the Enable Pingback Protection is active
To check if that .htaccess feature is working on your site try accessing the xmlrpc.php directly.
Eg:
type the URL in a browser
yoursite.com/xmlrpc.php
What do you see when you do the above?
Hi mbrsolution,
yes i did enable the notify by email setting. OI understand it should email me when someone tries to login and fails. However, with the custom login URL in place, the only person who should be able to login should be me. I am the only administrator.
Unlock Requests is diabled
Max Login Attempts = 3
Login Retry Time Period (min) = 30
Time Length of Lockout (min): 60
Display Generic Error Message: Checked
Instantly Lockout Invalid Usernames: Checked
Notify By Email: Yes – my email
Hi wpsolutions,
when i go to that page it says: XML-RPC server accepts POST requests only.
BTW i am now having even more login failed attempts. With them trying stupid usernames such as “a” “b” “c” etc.
Kind Regards
Zed
Hi Zed, in regards to your comment below.
when i go to that page it says: XML-RPC server accepts POST requests only.
It means that the ping back protection feature is not working correctly in your site. When I run the same test I get a 404 page not found error message.
Can you disable and re-enable that feature again and make sure you also save the settings? Then can you test the URL again.
yoursite.com/xmlrpc.php
If you receive the same message again as you mentioned above can you check your .htaccess file? You should see something like the following.
#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
Hi mbrsolution,
I have noticed that under file permission section of the plugin, i can not change any of the permissions for any files. I can not also download the backup htaccess file (permission set to 0).
When i click the button to change any of the permissions to the recommended permission, i am shown a success message, but within the table it still shows the old permission values.
Any ideas why this is happening?
I can ask our IT team to manually change the htaccess permission via FTP… but will this resolve the permission issues for all the other files and directories?
Thanks
Zed
Hi Zed, it is very strange that you cannot change your file permissions. Are you login in as an administrator? If you are try the following, uninstall the plugin and install a fresh copy. If you still have the same issues then go ahead and ask your IT team to change the permissions for you. That should fix your current issue.
However I am curios to know why can’t you make any changes.
Regards
Hi mbrsolution,
Yes I am logged in as administrator. I only have the one account. I tried to uninstall and reinstall. That didn’t work. I’ll ask the IT guys to make amendments. I have installed two captcha login scripts, which are very difficult to bypass (google + another less popular one) and this seems to be doing the trick. No lockout alerts yet!
Kind Regards
Zed
Hi Zed that sounds like you have resolved your issue.
You can mark this thread as resolved if you think it is.
Regards
Hi mbrsolution,
Whilst using 3 different captcha’s on one page, I am still getting lockout notices.
I have contacted my administrator who has said the website is hosted on a windows ISS server, so doesnt have htaccess; and this is probably why some of the plugin settings isn’t working?
Kind Regards
Hi, well that makes sense now. Running and ISS sever will not implement some of the .htaccess settings in the plugin. You have to find the alternative for your Windows server.
Is your issue now resolved?