Hi @theslink2000, thanks for getting in touch.
On the face of things, unless the usernames/passwords were typed and stored incorrectly, I wouldn’t expect Wordfence to check them any differently to freshly typed credentials.
I would start by disabling all plugins except for Wordfence to see if the problem stops. Failing that, also try switching to a default theme such as Twenty Twenty-One and try again, as some themes can have custom login form validation code. You can install a maintenance mode plugin during this time if site visitors are likely to be impacted during your tests. If those don’t solve it, try disabling only Wordfence, which would for sure identify whether the problem only occurs when Wordfence is active.
If this seems to be the case, you could disable Wordfence > All Options > Brute Force Protection > Immediately lock out invalid usernames to rule out the possibility of a mistyped username being the cause. If your other settings here under Brute Force Protection, or in Wordfence > All Options > Rate Limiting, are too strict and locking users out after 1 failed login attempt (for example), you could try relaxing these settings slightly.
You can read more about the settings that may affect login attempts here:
https://www.wordfence.com/help/firewall/brute-force/
https://www.wordfence.com/help/firewall/rate-limiting/
Let me know how you get on!
Peter.
Hi @wfpeter,
I appreciate you getting back to me.
The biggest problem I’m facing is that I am so far unable to replicate the issue on my end of things. I can log straight in as the shop manager in question and even though he says he is using the saved password, which I know is right because I saved it to his device, and typing it in manually, it still fails intermittently for him. I’ve actually seen this on his end when I was using his device to try and troubleshoot things, but I put it down to a local caching issue with the device as when I deleted the website data for this site it started working. But then a few days later he’s complaining of the same issue and uses the stored password 4 or 5 times and then suddenly it works.
Now obviously I’m still heavily suspecting user error of some kind, but the fact that it’s happening semi-regularly and I know this guy is fairly tech-savvy, it’s making me question things. Like I pointed out in my first post, every login failure shows an error Page of “/admin-ajax.php”, which I find odd but I have no idea what it means. Do you?
I’m using the Hello Elementor theme, which is super lightweight anyway and doesn’t mess with login features, but I’ll test with 2021 as well. I already have the Brute Force and Rate Limiting settings fairly relaxed as this is a WooCommerce site and therefore has a lot of people logging in on a regular basis, so that isn’t the problem.
You’re right though, I can’t see why stored passwords would or even could be interpreted differently to typed ones, let alone how Wordfence would be able to see any kind of difference. But as I’ve described above, it seems to happen with typed ones as well. So, unless you can explain that /admin-ajax.php thing I mentioned, I’m left wondering if this is a security or caching plugin issue so I wanted to see if you guys had any thoughts before I did anything drastic.
I’ll continue to experiment with the plugins, but due to it being apparently intermittent I’m not confident I’ll be able to catch it.
Thanks for any input you can offer though.
Hi @theslink2000,
I suspect it’ll be hard to replicate too if it’s happening to a specific individual sporadically but hopefully you’ll get some results or be able to eliminate the problem for them. Let me know how it goes.
The admin-ajax.php file contains all the code for routing AJAX requests on WordPress. As you probably know, AJAX is used to refresh page contents without reloading, and the login page does utilize this. When reCAPTCHA or 2FA is enabled in Wordfence, we use the admin-ajax.php page’s returned value for whether that was successful before presenting the extra form(s). It seems in this case you’re just seeing the attempt to sign in through this script being logged.
Thanks again,
Peter.
Hi @wfpeter
As we both suspected, I’ve been logging in and out as this user on my phone all day, both on Wi-Fi and 4G, using the saved password and typing it in, and it has not failed on me once.
I know he uses an iPhone and I’m on Android but I just can’t see it making any difference. Are there any pages that should be immune to caching that you can think of to make sure logins work properly? I think it’s just the login and account pages with WooCommerce, which I have done, and certainly nothing there that would be affected by Wordfence!
I get what you’re saying with the admin-ajax.php, I was just hoping it might be a clue but I did fear it was simply the password rejection process at work.
Thanks for the help anyway, I knew it was a long shot asking as I never thought Wordfence was the culprit but I had to cover my bases.
I can just see this dragging on due to what is most likely some weird kind of user error annoyingly.
All the best.