iThemes Security (formerly Better WP Security)
getting 418 error with blank page showing on the word "error" (7 posts)

  1. Stav Pan Geffen
    Posted 2 years ago #

    network tab on chromes devtools shows that i haven't received any file and my index file received 418 "i'm a teapot" error.

    I found that on of better wp securitys updates there's something with 418 and this is how i ended up here. Could you help me with this, the site comes back, but disappears behind this 418 error again after a few minutes of activity on wordpress dashboard.

    I've also checked the ban lists and there's nothing there..


  2. tinozee
    Posted 2 years ago #

    I had a user locked out with this msg as well today. He was able to get back in but still not sure why he got this msg. Any info on this? Ways to prevent and repair?

  3. Stav Pan Geffen
    Posted 2 years ago #

    I don't know about prevention, but whenever it happends i go to better wp security mysql tables and erase those instances with the rellevant ip, than i get a brake from this bug. For a while..

  4. tinozee
    Posted 2 years ago #

    Tx. I am new to this plugin. Is there a whitelist in the plugin for IPs that should be ignored?

  5. lalitc
    Posted 2 years ago #

    I am facing the same problem and saw plugin code that return 418 status with "error" response in inc/secure.php file but I am new to WordPress so Not able to figure out what's going wrong there and what causes execution of that block of code.
    Another thing I am doubtful about is, If it has anything to do with IP blocking as I can see this problem from other networks from where I never accessed site before.
    Please share when you guys started seeing this problem and what you found on this. We might arrive to something to prevent it.

  6. lalitc
    Posted 2 years ago #

    Hey guys, Just found the following line in the plugin code comments, just above the function which does Username or IP lockout:
    @param int $type Type of event to log 1 for bad login, 2 for 404

    I think this certainly explains that lockout can happen because of two reasons.
    1. Bad logins - Number of login attempts above some limit from Username/IP
    2. 404 - When a user request a resource which does Not exist.

    Also, with the help of two WordPress database tables (wp-prefix_bwps_lockouts and wp-prefix_bwps_logs), I was able to figure out that problem I am facing is because of Reason 2.

    But the doubt I have now is, If its correct implementation in plugin where, even though server returns 404 response (which is server side issue), user's faces IP lockout.

  7. ChetanTiwari
    Posted 2 years ago #

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.