Support » Plugin: IP Geo Block » Locked out even if whitelisted

  • Even like before I was locked out of a site by the plugin when I entered a wrong 2 Factor Authentication code on the login screen. What is really strange is that I did the incorrect 2FA code on my first login attempt. I then proceeded to enter a valid 2FA code on the second login attempt and got access to the site. Only then when I attempted to go to the Dashboard did IP-GEO block me. I used the emergency access option in the PHP file. Once in I checked any my IP address is in IP-Geo whitelist.

    I have had to keep the emerg access in place since the plugin is blocking me from logging in. This even after I cleared the WP-Cache for the site.

    Question is why is this plugin blocking me? The number of failed attempts for each IP is 3 and I only had one failed attempt. Only way I can disable the emerg access option in the plugin and still be able to login via 2FA is if I set the number of failed login attempts block to DISABLED.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @frustrated999,

    I’m very sorry for your lockout so many times. Honestly speaking, 3.0.4.1 have a bug of blocking login attempts. The counter of login fail would go 1, 3, 5, … So if you configure “Max number of failed login attempts per IP address” as 5, then you would be lock out at 4th.

    Father more, the internal priority of whitelist for country code and IP addresses is the lowest priority to block malicious access against the plugins/themes vulnerability.

    I’ll release a new version next week.

    I’d deeply appreciate the patience m_(. .)_m

    After 1 month of installation all admins blocked by it self without reason and unable to login. There is no easy way to handle.

    I edited ip-geo-block.php and re-activated emergency codes but did not work.
    Can you give me solution for this?

    weborise

    (@josephthiery)

    Very glad to know because I was locked out of 3 sites Today. I had to deactivate the plugin through ftp. But I’m unsure how I can install this again as for now each time I reinstall the plugin, I’m instantly locked out again.

    But I have to say THANK YOU FOR YOUR HARD WORK !!!

    Thanks to you we have a solution. I feel sorry for you when you get a bad comment and bad review on a bug while I can see you work so hard to make it all working for FREE. Thank you !

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @josephthiery,

    It’s my pleasure 🙂

    weborise

    (@josephthiery)

    🙂

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @wasiul99,

    Sorry but I missed your comment 😉

    Can you give me solution for this?

    Sure!

    First of all, the reason why the emergency functionality didn’t work is my mistake. You can find the following in “ip-geo-block.php”:

    function ip_geo_block_emergency( $validate ) {
    	$validate['result'] = 'passed';
    	return $validate;
    }
    add_filter( 'ip-geo-block-login', 'ip_geo_block_emergency' );
    add_filter( 'ip-geo-block-admin', 'ip_geo_block_emergency' );

    But the priority should be the highest like this:

    function ip_geo_block_emergency( $validate ) {
    	$validate['result'] = 'passed';
    	return $validate;
    }
    add_filter( 'ip-geo-block-login', 'ip_geo_block_emergency', 1 );
    add_filter( 'ip-geo-block-admin', 'ip_geo_block_emergency', 1 );

    If you have the same issue, please correct my mistake. I’ll update sooner.

    Regarding the reason you suddenly could not access your login form, it could be happened if your IP address is assigned dynamically. Basically, there are 2 methods of blocking login attempts, e.g. user name based blocking and IP address based blocking. Both are not perfect. So if you have the same experience so frequently, I should implement other method.

    I hope you to keep using this plugin and let me know your logs in this plugin.

    Thanks for your asking.

    I am getting frustrated with this plugin. I went to login to one of the websites I used on it and again got locked out.

    I have 5 set to max attempts I have IP whitelisted which I find does nothing to prevent lockouts. Only other security plugins I use is

    WordFence Version 6.3.17
    iThemes Security Version 6.5.1

    I am also using Cloudflare caching and have disabled WP Supercache plugin.

    There is no use having this plugin if I can not reliably login to the websites to do maintenance on them.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @frustrated999,

    I am also using Cloudflare caching

    How do I cache static HTML?” says:

    If the Cache-Control header is set to “private”, “no-store”, “no-cache”, or “max-age=0”, or if there is a cookie in the response, then Cloudflare will not cache the resource, unless a Page Rule is set to cache everything and an Edge Cache TTL is set.

    When IPGB blocks something, it outputs a message by HTML and also Cache-Control header as no-cache, must-revalidate, max-age=0 (and also define DONOTCACHEPAGE for caching plugin).

    But if your configuration of Cloudflare caching meets the above conditions, you’ll see the blocking HTML after someone is blocked.

    Please check your Cloudflare configuration.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Locked out even if whitelisted’ is closed to new replies.