Hi Eric,
The locked IP addresses will appear at this page:
wp-admin/admin.php?page=aiowpsec&tab=tab2
Do you have anything in that table?
It could well be that they are not triggering the rules to be blocked.
You could test this feature your self to make sure that it is working.
Make sure you are logged in on one browser, then on another browser or machine (Don’t use the same browser/machine as you don’t want to lock yourself out!) fail to login until you trigger your rules, then on the first browser refresh and check if the entry has been added (if it has remove it).
Best Wishes,
Ashley
So, in this example on 10/21… Because the same IP didn’t fail enough times in a short enough period it didn’t get locked out?
Login fails info and settings: link
Link
link
Hi Eric,
Yes correct although the last one in that list looks like it could have been within the time window for a block.
Are you able to try the test I suggested above to make sure it is working as expected on your site?
Best Wishes,
Ashley
So I just did it from another machine, and browser on VPN. So worried I’d lock myself out. I CAN confirm it locked me out after the third bad attempt. I see the user, and IP I used for this test. So…that’s working. I wish there was an option to send failed logins directly to a blacklist. I genuinely do not want to ever see the hundreds of bad IPs at my virtual door again.
Is it not very easy for these parasites to just get a new IP or spoof another IP?
Thanks for your help, Ashley.
-eric
Hi Eric,
Glad it’s working for you as expected.
Do you have a static IP address? you could turn on the whitelist feature that only allows whitelisted IPs to access the login page (all others will be blocked).
Found at: WP Security -> Brute Force -> Login whitelist
Or you could use our Cookie based brute force protection, with this you have to access a secret page in order to get a cookie that allows access to the login page.
Found at: WP Security -> Brute Force -> Cookie based brute force protection
Best Wishes,
Ashley
I’m afraid the diversity of networks and locations will flummox that. I like these features but am not ready to commit to that yet.
Also I do not think the Email component of this plugin is working. I’ve had a few locked out and never got an email about it.
Hi Eric,
Sorry about the delay.
I’ve just tested this myself and it is working.
The emails are sent every 15 minutes via cron, so they may just be delayed.
Or if crons don’t run on your server that maybe the reason why you are not getting them.
Best Wishes,
Ashley
