Lockdown events with brute force login ip whitelist enabled

  • Resolved Passionate Programmer Peter

    (@peterschulznl)


    3 years, 9 months ago

    Hi,

    My setting:
    I have brute force login ip whitelist enabled. As far as I understand this setting, only ip addresses listed should be be able to login. This seems to work correctly, as I can only login from my private ip address.

    My presumption:
    Since the brute force login ip whitelist rule is added to the .htaccess file, I would expect to see no more lockdown events. I am however still getting lockdown events for users who have exceeded the max login attempts.

    My question:
    Is my presumption wrong? Or have I (or the plugin) missed another entrance? Or there other ways to login I need to secure?

    Thank you very much for your time,
    Peter

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    3 years, 9 months ago

    Hi,

    Have you also enabled Enable Auto Block of SPAM Comment IPs:?

    Thank you

    Thread Starter Passionate Programmer Peter

    (@peterschulznl)

    3 years, 9 months ago

    Hi,

    It was disabled. I enabled it, but I don’t understand the relevance. A user does not login when trying to add a spam comment. Or am I wrong?

    The brute force login ip whitelist rule is added to the .htaccess file. So, I would expect that no login request will ever reach the web server, unless the ip address of the user is whitelisted. Is that correct? Or am I missing something?

    Thanks,
    Peter

    Plugin Contributor mbrsolution

    (@mbrsolution)

    3 years, 9 months ago

    Hi,

    A user does not login when trying to add a spam comment. Or am I wrong?

    Yes you are correct. However this feature also blocks IP addresses, which is what you are trying to achieve.

    Have you also enabled one of the following features? These are located in WP Security -> Firewall -> Basic Firewall Rules.

    Completely Block Access To XMLRPC:
    Disable Pinback Functionality From XMLRPC:

    Let me know if the above helps you.

    Thank you

    Thread Starter Passionate Programmer Peter

    (@peterschulznl)

    3 years, 9 months ago

    Great! 🙂

    That solved it, and I learned something new. I knew there was another entrance! Now I also know how to close it… 😉

    Thank you very much!
    Peter

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Lockdown events with brute force login ip whitelist enabled’ is closed to new replies.