Error message shown to all users

  • Micah Miller-Eshleman

    (@micahjm)


    6 years, 11 months ago

    Hi, first of all thanks for a great plugin! It’s really reduced the load on my server.

    Lately, I’ve been contacted by web editors saying that they get an error message on the login form before they’ve even tried to login once. It turns out when I open a new incognito tab and try to login again, I see this message too:

    “ERROR: Too many failed login attempts. Please try again in 12 hours.”

    Fortunately, since we haven’t actually tried to login too many times in the past 24 hours, and our usernames aren’t blacklisted, we’re able to login just fine despite this error message. I’m really not sure why it’s showing up.

    Any ideas? Thanks much!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Micah Miller-Eshleman

    (@micahjm)

    6 years, 11 months ago

    Sorry, it turns out this bug has to do with our recent implementation of a proxy server (Varnish & nginx) in front of Apache, which hosts WordPress.

    In other words, Apache now thinks all users have the same IP address, evil bots and regular users alike. Interestingly enough, most users are still able to login even after seeing this error message.

    Pothi Kalimuthu

    (@pothi)

    6 years, 11 months ago

    Apache now thinks all users have the same IP address

    In this case where Apache sits behind Varnish or Nginx, Apache needs mod_rpaf to find the correct IP address.

    Thread Starter Micah Miller-Eshleman

    (@micahjm)

    6 years, 11 months ago

    Thanks Pothi,

    It turns out that just proxying the client’s IP address through nginx as an “X-Forwarded-For” header seems to have resolved this. I’ll close this issue if I don’t run into further bugs today or tomorrow.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Error message shown to all users’ is closed to new replies.