Support » Plugin: Limit Login Attempts Reloaded » Plugin Blocking All Logins – Even New Ones

  • Resolved juusan

    (@juusan)


    Hi there, I’ve had this plugin installed for a long time on four different sites, but suddenly it’s not behaving. Every time someone tries to login, it blocks them. While this makes sense for logins that are being hammered by bots, I just had a customer email me saying she’s locked out of her account, which she created seconds before. What’s going on?

    The page I need help with: [log in to see the link]

Viewing 13 replies - 16 through 28 (of 28 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Hi,

    We’re going to update the plugin shortly by adding some debug info into it. This will help us to better handle situations like yours. After that, we’ll ask you to provide that debug info. Please allow us a few days.

    That would be GREAT. Thank you!

    Plugin Author WPChef

    (@wpchefgadget)

    Hi all,

    We have updated the plugin. Please check out the Debug tab on its settings page and copy/paste that info here so we could better understand your situation.

    juusan

    (@juusan)

    Hi there. Before I post it here in a public forum, can you please confirm there is no identifying information in the debug log?

    Plugin Author WPChef

    (@wpchefgadget)

    Hi, this is correct. All real IPs are replaced with “IP0, IP1” etc. You should not see there any real IPs.

    hey there, so this is all that’s in the debug tab… even though it just tried to locked me out, so I had to temporarily rename the plugin directory before I could login:

    REMOTE_ADDR = 127.0.0.1
    HTTP_X_FORWARDED_FOR = IP1
    HTTP_X_REAL_IP = IP1

    I’m also noticing that it’s giving me the error before I even input a username or password. It loads immediately upon loading wp-login.php. This is for https://fearlesscooking.club

    • This reply was modified 1 month, 2 weeks ago by juusan.
    • This reply was modified 1 month, 2 weeks ago by juusan.

    And this for one of my other sites that’s still having the same problem, and just locked me out a few minutes ago and required I temporarily change the plugin directory name to log in – https://cookingcheatsheets.com :

    REMOTE_ADDR = 127.0.0.1
    HTTP_X_FORWARDED_FOR = IP1
    HTTP_X_REAL_IP = IP1

    • This reply was modified 1 month, 2 weeks ago by juusan.
    Plugin Author WPChef

    (@wpchefgadget)

    Hi, as you can see your REMOTE_ADDR is passed incorrectly. 127.0.0.1 is the server’s IP, not yours. Your website is behind an Nginx proxy (something similar to CloudFlare). You need to ask your hosting provider if they can make it so REMOTE_ADDR gets the correct IP value.
    Meanwhile, you can add “HTTP_X_REAL_IP” into the Trusted IP Origins field on the plugin’s settings page and that will fix your problem. https://i.vgy.me/qikmpN.png

    juusan

    (@juusan)

    Thanks. Will this option allow multiple IP addresses through, or just mine?

    juusan

    (@juusan)

    Also, I tried this and it didn’t make a difference at all. I’m still locked out unless I log into FTP and change the name of the plugin directory.

    Plugin Author WPChef

    (@wpchefgadget)

    > Will this option allow multiple IP addresses through, or just mine?

    Sure, it will allow multiple IPs.

    > I tried this and it didn’t make a difference at all

    You need to unlock the 127.0.0.1 IP on the plugin settings page.

    juusan

    (@juusan)

    I have been all over the plugin settings pages on my different sites I don’t see an option anywhere to unlock the IP. Where is this?

    juusan

    (@juusan)

    Oh wait, it’s because the local IP is already unlocked. So… now what can I do, if it’s already unlocked and still not working?

Viewing 13 replies - 16 through 28 (of 28 total)
  • You must be logged in to reply to this topic.