Hi, do you currently have the following enabled Login Whitelist under Brute Force?
What settings do you have enabled under the Login Lockdown under User Login?
Whitelist under Brute Force I had to disable, because I need the login page to be accessible from IP’s other than our local network. What I need is a blacklist exception rather than a whitelist, I suppose. Symantics, but in this case critical failure point, as it blocked all attempts to log in from other IPs when the local range was locked out.
Login Lockdown settings :
Enable Login Lockdown Feature: ON
Allow Unlock Requests: OFF
Max Login Attempts: 3
Login Retry Time Period (min): 5
Time Length of Lockout (min): 60
Display Generic Error Message: ON
Instantly Lockout Invalid Usernames: OFF
Notify By Email: ON
Is there a way to whitelist the local IP range or certain users to circumvent the login lockout?
No currently there isn’t. I suppose that a whitelist for lockout immunity is something we will seriously consider adding.
In the meantime, have you currently got “Allow Unlock Requests” enabled in the login lockdown settings page?
I notice teamviewer and proxy logins seem to reroute to localhost. Is that your plugin or have I fubared something elsewhere?
It may be this plugin.
Could be a number of things some of which include:
– 404 detection feature in the firewall menu
– brute force cookie based brute force prevention
– check the Dashboard>>Permanent Block List. Any IP address in there will be redirected to 127.0.0.1.
- Allow Unlock Requests changed to ON.
- The blacklist exception feature would be extremely welcome!
Permanent Block list is blank, and has been ever since I cleared it when I learned of the login page rename feature. Ever since I started changing that page on a weekly basis, we’ve received ZERO unauthorised admin login attempts. That’s been the single biggest change in our traffic profile since inception; HUGE fan of this feature!! 🙂
Do IPs under temporary lockout also get redirected to localhost/?loginpage ?
