Enable Login Lockdown Feature

Resolved Grant Noel
(@epicvisionzone)

5 years, 1 month ago

We had the User Login setting checked for: Enable Login Lockdown Feature

We believe a Bot keeps trying to gain access to our site using a specific IP series. After so many attempts, the entire website gets locked out and even as Admin we cannot gain access to our website.

We then have to Stop our Instance on AWS, and restart. Not an ideal way to do this.

If we uncheck the Enable Login Lockdown Feature everything works fine except that a Bot can then keep trying to login without being locked out.

We can check the above box and then also check the Instantly Lockout Invalid Usernames.

But, not sure if this is the best route to go.

We could also use the Blacklist Manager and input the IP range to block. However, there is a big warning that comes up saying the Admin could get logged out permanently.

Any recommendations or suggestions?

Thanks

Viewing 15 replies - 1 through 15 (of 23 total)

1 2 →

Plugin Contributor mbrsolution
(@mbrsolution)

5 years, 1 month ago

Hi, please check the following documentation. I believe this will help you.

https://mbrsolution.com/wordpress/aiowps-plugin-pingback-protection-settings.php

Let me now how you go.

Kind regards
Thread Starter Grant Noel
(@epicvisionzone)

5 years ago
Thanks, so far we have followed the instructions.

The issue seems to be that we are getting an invalid certificate self-hosted on AWS but the AWS certificate is issued by AWS, and has been in use for 9 months.

And, we haven’t changed the certificate at all.

All of a sudden not working. We can stop the AWS instance and Start the Instance, but after 2 hours it fails again with the invalid certificate.

Thanks for your earlier response.
- This reply was modified 5 years ago by Grant Noel.
Plugin Contributor mbrsolution
(@mbrsolution)

5 years ago

Hi, you might have to speak to your host about this issue. Let me know what they say.

Thank you

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

We continue to have issues, but some of them appear to be not working with WP Security.

We try for instance to change the DB prefix and we get the following error message:
The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.

We also cannot write to the htaccess file.

But, in both cases, we have the write permissions set correctly, unless there is something special we need to do.

Thanks,

Plugin Contributor mbrsolution
(@mbrsolution)

5 years ago

Hi,

The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.

We also cannot write to the htaccess file.

This looks like a file permission issue. You need to investigate why you can’t edit these files. I recommend you speak to your host about this issue.

But, in both cases, we have the write permissions set correctly, unless there is something special we need to do.

Carry out a plugin/theme conflict test? Also what type of server is your site hosted in?

Thank you

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

The site is hosted on AWS. We continually have to Stop the instance, STart the instance where it will run for about an hour and a half and then fail on a time-out.

Plugin Contributor mbrsolution
(@mbrsolution)

5 years ago

Did you try the documentation I shared above?

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

Is there a program to do a plugin/theme conflict or simply deactivating.

Thanks,

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

Yes, we activated:
Completely Block Access To XMLRPC:

I believe the documentations says it will write an entry to htaccess, but the plugin cannot access htaccess.

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

I added the following to htaccess but I still get this message:
XML-RPC server accepts POST requests only.

Here is what I added to htaccess: (can this code go anywhere in htaccess so long as not within comments or IF statements

#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

I just found this, not sure if it applies or not:
https://ankit.digital/find-htaccess-in-aws-linux-ami-wordpress-installation.html

Apparently aws does not recognize the htaccess file but uses what is detailed in the above.

Not sure how this affects WP Security

Plugin Contributor mbrsolution
(@mbrsolution)

5 years ago

Thank you for providing more information. Now I understand your situation better. Our plugins Firewall Rules writes to the .htaccess file. Unfortunately you can’t use any of these features because your server does not write to .htaccess file. If you want to use these features you need to search for the alternative code that writes to your httpd.conf file.

Kind regards

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

We can add the information according to this video:
https://docs.bitnami.com/aws/infrastructure/lapp/administration/use-htaccess/

We just need to know what goes into that file. i.e. the htaccess file used by Bitnami

Are you able to help with this?

I can send you the file that comes from Bitnami if that helps.

Thanks,

Plugin Contributor mbrsolution
(@mbrsolution)

5 years ago

Hi, unfortunately that is something you need to investigate with your host support. My server runs Apache and writes to the .htaccess file.

You are welcome to share your findings here to help others who might run into the same issue.

Thank you

Thread Starter Grant Noel
(@epicvisionzone)

5 years ago

So does anything in WP Security work with our site or is it all redundant because the plugin can’t write to htaccess?

Viewing 15 replies - 1 through 15 (of 23 total)

1 2 →

The topic ‘Enable Login Lockdown Feature’ is closed to new replies.