Support » Plugin: BulletProof Security » Why am I locked out by attempted logins from my own IP

  • Resolved lonndugan

    (@lonndugan)


    Why am I locked out by attempted logins from my own server IP#?

    A User Account has been locked on website: http://xxxxxxxxxxx.org

    To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.

    What to do if your User Account is locked and you are unable to login to your website: Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.

    What to do if your User Account is being locked repeatedly: Additional things that you can do to protect publicly displayed usernames, not exposing author names/user account names, etc.: https://forum.ait-pro.com/forums/topic/user-account-locked/#post-12634

    Username: XXXXXXXXXXXXX

    Status: Locked

    User Role: administrator

    Email: exxxxxxxx.xxx

    Lockout Time: February 19, 2020 8:39 am

    Lockout Time Expires: February 19, 2020 6:39 pm

    User IP Address: 192.xxx.xxx.119 (my server ip#)

    User Hostname: server.xxxxxxxxxx.com (my hostname)

    Request URI: /wp-login.php

    Website: http://stemdrc.org

  • Plugin Author AITpro

    (@aitpro)

    Just stating general stuff here > BPS Login Security (LSM) does not lock anyone out by their IP address. The email alert captures the IP address of the person who was locked out and sends that IP address in the email alert to the Administrator of the website or the email address that you have chosen for where email alerts are sent to.

    I believe the question you are asking is why is your server IP address being captured and displayed in the LSM email alert instead of your public IP address (ISP assigned IP address).

    The BPS Code that gets the IP address of the person who is locked out is this: $ip_address = esc_html( $_SERVER['REMOTE_ADDR'] );

    PHP $_SERVER variables: https://www.php.net/manual/en/reserved.variables.server.php

    ‘SERVER_ADDR’
    The IP address of the server under which the current script is executing.

    ‘REMOTE_ADDR’
    The IP address from which the user is viewing the current page.

    Logical reasons for why your server IP address is being captured and displayed in the email alert instead of the IP address of the user could be a Proxy configuration mistake or a server config mistake. Do you have a Proxy server? Do you have anything else installed that might affect the REMOTE_ADDR variable? If you have no idea what these things mean then contact your web host and refer them to this forum topic so they understand the issue/problem.

    • This reply was modified 9 months, 2 weeks ago by AITpro.
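
A way to tell apart the two explanations raised in this thread (the client address being replaced by a proxy or server configuration, versus login requests that really are sent from the server), added here as an example and not part of the original posts or of BPS. It assumes a Common/Combined Log Format access log for the affected site whose first field is the same peer address PHP reports as REMOTE_ADDR; the function name, verdict labels and sample lines are constructed.

```python
import re
from collections import Counter

# Common/Combined Log Format: host ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3}')

def classify(log_lines, server_ips):
    """Return (verdict, counts) for one site's access log (hypothetical helper).

    server_ips: addresses owned by the server itself, supplied by the operator.
    """
    counts = Counter()
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        host, method, path = m.groups()
        kind = "login" if (method == "POST" and
                           path.split("?")[0] == "/wp-login.php") else "other"
        counts[(kind, "local" if host in server_ips else "remote")] += 1

    other_local, other_remote = counts[("other", "local")], counts[("other", "remote")]
    if counts[("login", "local")] == 0:
        verdict = "no-local-logins"
    elif other_local + other_remote == 0:
        verdict = "inconclusive"  # nothing to compare the logins against
    elif other_remote == 0:
        # Every visitor shows up as the server: the client address is replaced
        # before PHP sees it (proxy or server configuration).
        verdict = "all-traffic-shows-server-ip"
    else:
        # Ordinary visitors keep their own addresses, so the failed logins
        # really are sent by something running on the server.
        verdict = "logins-originate-on-server"
    return verdict, counts

# Constructed sample (documentation-range addresses, not taken from the thread).
SERVER_IPS = {"203.0.113.10", "127.0.0.1", "::1"}
SAMPLE = [
    '198.51.100.7 - - [19/Feb/2020:08:30:11 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.9 - - [19/Feb/2020:08:31:40 +0000] "GET /about/ HTTP/1.1" 200 4211',
    '203.0.113.10 - - [19/Feb/2020:08:38:58 +0000] "POST /wp-login.php HTTP/1.1" 200 3010',
    '203.0.113.10 - - [19/Feb/2020:08:39:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3010',
    '203.0.113.10 - - [19/Feb/2020:08:40:00 +0000] "POST /wp-cron.php?doing_wp_cron HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    print(classify(SAMPLE, SERVER_IPS))
```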
    Plugin Author AITpro

    (@aitpro)

    Is the issue/problem still occurring or is it resolved?

    lonndugan

    (@lonndugan)

    Thank you for replies: The issue continues.

    I understand BPS doesn’t lock anybody out by their IP, but that it captures the username against which the login was attempted as well as the IP# of the ‘person’ or script or bot that fails the login.

    – The username against which the login attempt is targeted is NOT a published user or author name.

    – The IP# being captured is the IP# for shared hosting on my dedicated server.

    – I do not have a proxy server.

    – BPS works well on other domains on the same server.

    The BPS lockout report causes a concern that somebody or some script is getting into the server or site through some kind of back door and trying to then login as one of the admin accounts. But it is only happening on this one account.

    Can I safely whitelist my own server IP# or would that give somebody with back door access a way in to hack the site?

    Plugin Author AITpro

    (@aitpro)

    What do you mean exactly for this “The username against which the login attempt is targeted is NOT a published user or author name.” Are you saying this particular username is not displayed publicly on your website or are you saying the user account does not exist?

    Does the same problem happen for all user accounts? Example: If you create a test user account and that test user account gets locked out, do you also see your server IP address in the Login Security email alert?

    Plugin Author AITpro

    (@aitpro)

    Did you get this figured out?

    Plugin Author AITpro

    (@aitpro)

    Resolving old thread.

    • This reply was modified 5 months, 4 weeks ago by AITpro.