iThemes Security (formerly Better WP Security)
What is this: locked out too many attempts open file?? (11 posts)

  1. listerdl
    Posted 2 years ago #

    I get this once a week:

    A host, 123.123.123(you can check the host at http://ip-adress.com/ip_tracer/ has been locked out of the WordPress site at http://www.mysite until Thursday, November 15th, 2012 at 1:18:32 am UTC due to too many attempts to open a file that does not exist. You may login to the site to manually release the lock if necessary.

    What does this generally mean - ?

    What "file" could they be referring to?



  2. BenRacicot
    Posted 2 years ago #

    I was looking for the same answer...
    I see on the 'Dashboard' tab at the bottom there is 'Rewrite Rules' which you might think would be in the htaccess file...? But they're not there in the actual htacces file...

    Also, I noticed several lockouts that kept attempting 8:35, 8:51, 9:07 and 9:22... So there must be a time limit too somewhere...

    If you find this "list" please write back here. Thanks!

  3. Handoko
    Posted 2 years ago #

    This notification means someone or human generated bot was looking for a page, file or any resource that doesn't exist on your website.

    Why it happened?

    Some themes or plugins are not properly wrote, so some files are missing that's why when a request to the item will generate such warning. If you're using such the theme or plugin, you may get the issue. I have several websites, one frequently gets this issue because of the theme and plugin it's using.

    It not always be hacking attempts. If you deleted some files or pages, you may receive this warning too. Google, Bing, etc will come back to check for the file/page to make sure it still exist. Based on my experience, Google will come back for it last for some months after I have deleted a page.

    It may also happen because of hacking attempts. The hacker generates bots that will automatically searching for files on your website for looking for weakness that may exist in your theme or plugins you're using. These are some samples that often appear on my site:

    From above you can see they're trying access upload-file.php and thumb.php. These files are known to have problem and can be used for hackers to perform certain things that may harm your website. Luckily I don't use Mantra theme nor Modest theme. If you're using those theme you should update it immediately, because it will probably fix on the new release.

    Sometimes, the problem can happen if you're visited buy Apple's visitors (iPhone, iPad, etc). Apple create new standard for improving user experience by looking some icons file. This new standard is not very well-known for most webdesigners. If on your View Log report, you see apple-touch-icon-xx, it means your site was visited by Apple's users. This thread has more information:

  4. billbob69
    Posted 2 years ago #

    I'm getting this repeatedly for one of my sites. Loads of info, Handoko, but how do we switch the alerts off?? Is it a server side (from my hosting) or from my site security? It's annoying.

  5. Handoko
    Posted 2 years ago #

    1. You can disable this feature totally by goto menu > Security > Intrusion Detection > disable the checkbox: Enable 404 Detection.

    2. You may keep this feature on but disable the notification by goto menu > Security > Intrusion Detection > disable the checkbox: Email 404 Notifications.

    If you're receiving too many same 404 notifications regularly from one site, it could mean there is something wrong with the site itself, like plugin incompatible, not proper configuration, etc. You should check what went wrong rather than disable the notification.

  6. BenRacicot
    Posted 2 years ago #

    Mine are not 404's or IOS devices. They are failed login attempts at wp-admin mostly from outside the US. Other though, more aggressive ones, are from inside the US...

  7. Handoko
    Posted 2 years ago #

    If the login attempts come from same IP, you should consider to permanently ban them. Goto menu > Security > Ban Users > turn on the Enable Banned Users and put the IPs on the Ban Hosts.

  8. ttwajsb
    Posted 2 years ago #

    My lock-out messages are saying the attempts are coming from my own Virtual Private Server. Any idea why that would be the case? I had expected reports indicating other IP addresses, but why my own static IP?

  9. Handoko
    Posted 2 years ago #

    I thinks one of the plugin or theme you're using is not compatible with Better WP Security, especially when you turn on the "change wp-content directory" feature. I experienced such issue several times.

    If my guess is correct, things you can do are:
    - Use other plugin/theme that is compatible with this plugin
    - Disable the "change wp-content directory"
    - Manually fix the incompatibility

  10. khouadri1994
    Posted 2 years ago #

    i actually can't access my website neither login to the wp dashboard what should i do ?

  11. Handoko
    Posted 2 years ago #

    Hi khouadri1994. This information may help:

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic