Login lockdown not working when “PHP backtrace” is ticked
-
In order to prevent brute force: login lockdown does not work when “PHP backtrace in email” is ticked. Login lockdown works when the option is unticked.
How may this be resolved?
-
One of our team members tested your scenario and can’t replicate the issue.
From the AIOS 5.0.0 release, the AIOS logic batches login lockdown emails and sends them after 15 minutes, so the user doesn’t get a lockdown email instantly.
Still, if you are not getting the login lockdown email, please follow the below suggestion:
- Install and activate the “WP Control” plugin.
- Go to Admin Dashboard > Tools > Cron Events, find the hook name “aios_15_minutes_cron_event” and press the “Run Now” link.
I do not mean receipt of the lockdown email. I meant that a user who has tried the maximum attempts does not get locked out when “php backtrace in email” is ticked.
Please accept my apologies for my misunderstanding.
Can you please just ensure that the failed login entries with the same IP are listed on the Admin Dashboard > WP Security > User Login > Failed Login Records (tab)?
Thank you.
I am sorry again.
Just tested it and it is still the same. I set max login attempts to 5, and retry time period to 5 mins, yet no lockout, because I have “php backtrace in notification” ticked.
Still, no record in the “Dashboard > WP Security Dashboard > Locked IP Address (temporarily)”.
But, for the Admin Dashboard > WP Security > User Login > Failed Login Records (tab), yes there are records in this tab.
@branhampaul We have found that the user must try to log in (Max login attempt + 1) times instead of the Max login attempt. We will resolve it in the next AIOS release.
Are you able to trigger the login lockdown after (Max login attempt + 1) failed login attempts?
What do you mean by “(Max login attempt + 1)”?
The Max login attempt is the input field setting in Admin Dashboard > WP Security > User Login as indicated in the screenshot https://nimb.ws/RkZKqz.
My “max login attempts” is 5.
The user will be locked down if he/she tries to log in 6 times with an invalid credential from the same IP address.
This still does not work. I tried more than 10 times.
Can you please give me your site’s “minimum lockout time length” and the “maximum lockout time length” values from the Admin Dashboard > WP Security (main menu) > User Login (submenu) > Login Lockdown (tab), as shown in the screenshot here: https://nimb.ws/VtXkRq?
Minimum – 10
Maximum – 1440
Sorry for asking for so much information from you.
We are really interested in resolving your issue.
It looks like the issue is related to your setup specifically.
Can you make a staging site and send me credentials over WordPress Slack chat?
Join WordPress Slack at https://make.wordpress.org/chat/ and send me a direct message there by finding my name in the members. After sending a DM to me in Slack, please write here so I can follow up.
Update:
After updating the plugin, and having “php backtrace in notification” ticked, the lockdown works, but shows “There has been a critical error on this website” to the user. Also at WP Security > Dashboard > Locked IP Address, it does not reflect the said locked IP Address.
The topic ‘Login lockdown not working when “PHP backtrace” is ticked’ is closed to new replies.