Login blocking no longer working as expected – wf change? (Wordfence Security - Firewall & Malware Scan support forum)

  • sjc

    (@stevielovegun)


    Hi,

    I’m noticing recently that IPs that are Locked out from Login don’t appear to be working as expected. Or perhaps there’s been a change to the way Wordfence works?

    So a particular IP is hitting wp-login.php over and over again.

    In Wordfence’s Blocked IPs this is listed as Locked out from Login. My memory was that Wordfence used to give a 503 status to IPs after blocking them from login but in my logs now I’m seeing a 200 status each time the IP hits.

    12.345.678.99. - - [31/Aug/2016:14:10:53 +1000] "POST /wp-login.php HTTP/1.1" 200 1583 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
    12.345.678.99 - - [31/Aug/2016:14:10:55 +1000] "POST /wp-login.php HTTP/1.1" 200 1583 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
    12.345.678.99 - - [31/Aug/2016:14:10:56 +1000] "POST /wp-login.php HTTP/1.1" 200 1583 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
    12.345.678.99 - - [31/Aug/2016:14:10:57 +1000] "POST /wp-login.php HTTP/1.1" 200 1583 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
    ...etc...

    Thanks in advance for clarification.

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi Steve,
    By default this IP will be locked out temporarily for 5 minutes unless you changed the “Amount of time a user is locked out” option under (Wordfence > Options => Login Security Options). During this time it should get “200 HTTP response” when trying to access the login page (I’ve just tested that).
    Only IPs that are “blocked” from accessing your website will get “503 HTTP response”. Please let me know more details about how exactly this IP was locked out.

    Thanks.

    • This reply was modified 3 years, 3 months ago by wfalaa.

    UPDATE: I’ve discussed this issue with our dev team and they confirmed this as a bug, I mean this “locked out” page should not return HTTP response 200, it should be 503 instead.

    This has been logged to our system and it should be fixed in the next release.

    Thanks for reporting this one.

    sjc

    (@stevielovegun)

    Thanks @wfalaa, appreciated.
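
An added example, not part of the original thread and not Wordfence's code: a log audit for the situation discussed above. It finds clients sending bursts of POSTs to /wp-login.php and reports which HTTP statuses they received, so you can see whether any 503 was served. It assumes the combined access-log format quoted in the first post; the function name, thresholds and sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: ip, two ignored fields, [timestamp], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def _line(ip, hms, method, status):
    # Builds one constructed sample line; not taken from a real server.
    return (f'{ip} - - [31/Aug/2016:{hms} +1000] "{method} /wp-login.php HTTP/1.1" '
            f'{status} 1583 "-" "Mozilla/5.0"')

SAMPLE_LOG = [
    _line("203.0.113.7", "14:10:53", "POST", 200),
    _line("203.0.113.7", "14:10:55", "POST", 200),
    _line("203.0.113.7", "14:10:56", "POST", 200),
    _line("203.0.113.7", "14:10:57", "POST", 200),
    _line("198.51.100.23", "14:11:01", "POST", 200),
    _line("198.51.100.23", "14:11:02", "POST", 503),
    _line("198.51.100.23", "14:11:03", "POST", 503),
    _line("192.0.2.10", "14:12:00", "GET", 200),
    _line("192.0.2.10", "14:12:05", "POST", 302),
]

def audit_login_posts(lines, min_hits=3, window_seconds=60):
    """Report IPs with >= min_hits POSTs to /wp-login.php inside any window."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?", 1)[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits[ip].append((when, int(status)))
    report = {}
    for ip, events in hits.items():
        events.sort()
        burst = start = 0
        for end, (when, _) in enumerate(events):  # sliding time window
            while (when - events[start][0]).total_seconds() > window_seconds:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= min_hits:
            statuses = Counter(status for _, status in events)
            report[ip] = {"burst": burst, "statuses": dict(statuses),
                          "saw_503": 503 in statuses}
    return report

if __name__ == "__main__":
    for ip, info in audit_login_posts(SAMPLE_LOG).items():
        print(ip, info)
```

An entry with `saw_503` false for an IP that Wordfence lists as locked out matches the behaviour reported in this thread.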
