@poopypants
It seems to be working fine over here.
You don’t have any “Host or User Lockout” entries in the Logs page?
Note there is a difference between a temporary lockout and a permanent ban (in case you missed that).
Also the IPs of failed “admin” user login attempts are not immediately permanently banned (as the settings description suggests) but locked out temporarily.
dwinden
No lockouts nor bans at all.
Plenty of attempts in the log file.
I have to put the IP into the Ban Hosts list manually.
As I said, I have several other sites working fine with this plugin.
I have been using it for a few years now…
@poopypants
Ok, so if I understand correctly we should see this as an isolated issue on a single site.
Permanent bans are triggered by a certain number of (host) lockouts (by default 3) within a predefined timeframe (by default 7 days). No temporary lockouts means no (automatic) permanent bans written to the .htaccess file.
Are there any errors in the web server error_log?
Did you try deactivating & deleting the plugin and then reinstalling & reactivating the plugin?
dwinden
Yes, isolated issue… Unless you have seen this before.
I understand how the lockouts/bans work.
Not sure about error log, have not looked.
Have not tried the plugin replacement method, was hoping to not have to do that… I guess I have to, though.
@poopypants
I’ve checked the lockout code and I think I’ve found a scenario that possibly explains what’s going on.
To get some sort of confirmation please log into the database (e.g. by using phpMyAdmin) and check for the existence of any (temp_type=) “brute_force” records in the wp_itsec_temp table.
Adding a record to this table is the first step in the lockout process.
Existence of 1 or more “brute_force” records in this table is the confirmation I’m looking for.
I think the lockout process fails to execute the subsequent steps.
Note the Logs page displays records from the wp_itsec_log table.
Note you may be using a different database table prefix than the default (wp).
dwinden
More info…
I compared some database entries from another site, and confirmed some items:
No records in the wp_itsec_lockouts table on the problem site.
No lockouts in the wp_itsec_log table. (there are records)
Hope this helps…
Looks like it dropped my previous post…
Yes, there are “brute_force” records in the wp_itsec_temp table.
Yes, the Logs page displays records from the wp_itsec_log table.
@poopypants
Ok, that fits the picture.
I think it is a file/folder permission issue.
Before the lockout is actually executed the plugin tries to create a file lock. If the file lock fails to be created the lockout code is not executed …
It looks like this:
    if ( $itsec_files->get_file_lock( 'lockout_' . $host . $user . $username ) ) {
        // do lockout code
    }
    $itsec_files->release_file_lock( 'lockout_' . $host . $user . $username );
I’ve seen your issue in a previous topic and I can confirm it was resolved by setting proper folder permissions.
The temporary lock file/folder is normally created in the wp-content/uploads/ithemes-security folder.
The above info should allow you to fix the issue.
dwinden
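A way to test the folder-permission cause described in the post above, as an added example that is not part of the thread or the plugin's code: a shell check that the lock folder exists and that a file can actually be created in it. It assumes it is run as the account PHP runs under; the probe file name is hypothetical and the probe only approximates the plugin's file lock.

```shell
#!/bin/sh
# Added diagnostic, not plugin code. Run it as the account PHP runs under,
# otherwise the result says nothing about what the plugin itself can do.

# check_lock_dir DIR
# Returns: 0 = a file can be created and removed in DIR
#          1 = DIR does not exist
#          2 = DIR exists but is not a directory
#          3 = DIR is not writable/searchable for the current user
#          4 = mode bits look fine but file creation still fails
#              (read-only mount, quota, mandatory access control, ...)
check_lock_dir() {
    dir=$1
    [ -e "$dir" ] || return 1
    [ -d "$dir" ] || return 2
    { [ -w "$dir" ] && [ -x "$dir" ]; } || return 3
    probe="$dir/.lock_probe_$$"          # hypothetical probe file name
    # noclobber (set -C) makes the redirect fail if the name already exists
    ( set -C; : > "$probe" ) 2>/dev/null || return 4
    rm -f "$probe" || return 4
    return 0
}

# describe_lock_dir DIR: one-line human-readable verdict for DIR
describe_lock_dir() {
    rc=0
    check_lock_dir "$1" || rc=$?
    case $rc in
        0) echo "OK: $1 is usable for lock files" ;;
        1) echo "MISSING: $1 does not exist" ;;
        2) echo "NOT A DIRECTORY: $1" ;;
        3) echo "NO WRITE ACCESS: $1 (uid $(id -u))" ;;
        4) echo "CREATE FAILED: $1 despite permissive mode bits" ;;
    esac
}

# Usage: sh check_lock_dir.sh wp-content/uploads/ithemes-security
if [ "${1:-}" != "" ]; then describe_lock_dir "$1"; fi
```

A result other than OK for wp-content/uploads/ithemes-security matches the symptom in this thread: “brute_force” rows in wp_itsec_temp but nothing in wp_itsec_lockouts.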
OK, that did the trick!
Thanks for your help…
Cheers