WordPress.org

Support

Support » Plugins and Hacks » iThemes Security (formerly Better WP Security) » [Plugin: Better WP Security] Site Lockout Events despite Blocked IP

[Plugin: Better WP Security] Site Lockout Events despite Blocked IP

  • I’m using the Enable Banned Users list and I’ve been manually adding Banned Hosts to the IP list one line at a time, but the same few IP addresses keep attempting login events, which trigger Site Lockouts.

    Any suggestions as to how these specific IP’s can keep getting locked out if I’ve added them to my Banned List?

    I’ve added the specific IP’s as well as wildcards, like this:
    91.224.160.141
    91.224.160.*

    I appreciate any suggestions you might have 🙂

    ~ Robby

    http://wordpress.org/extend/plugins/better-wp-security/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Same here. IP is Banned, still getting the events. AND all my users (including wp admin) are unable to login after the latest version is updated.

    Can you all please check your .htaccess and verify that these IPs are making it there?

    Yes, the thought did occur to me that the .htaccess wasn’t being updated, but in my case it was. I’m still uncertain why the ip isn’t being properly blocked…

    Any update on this? Same thing is happening to me. htaccess file is being updated but keep getting site lockout notifications… I’m using a CDN … not sure if that’s affecting it.

    My assumption is that these hackers aren’t logging in via the blog interface but instead through some automatic code which bypasses the IP block… but this is just a guess.

    Same.. My IP’s show up in the Dashboard tab’s ‘Rewrite Rules’ towards the bottom but they are not being written to the actual htaccess file. Has there been any solutions here? Thanks!

    I have similar issue.
    I haven’t banned anyone manually, but BWS did so for an IP address after it had too many 404’s, so it locked it out permanently.
    Still, the attacker continued on, making more 404’s, which run the 404’s detection process all over again and for each pass, so I get both many notification emails and practically the permanent lockout is not working.

    Also, the log page shows a long matching list at the “all lockouts” box, but on top of the page, in the box of “clean database”, there is a line of “Your database contains 0 old lockouts.” but it should not show “0” (zero) but the number of records of “all lockouts”.
    Still, checking its check box and clicking “remove data” removes the current “all lockouts” records, so this works well.

    Same here

    I’m having the same issue as bobair as well. Banned IP addresses are being added to my htaccess file, but I am getting site lockout notifications for the same IP addresses.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘[Plugin: Better WP Security] Site Lockout Events despite Blocked IP’ is closed to new replies.
Skip to toolbar