First off, even before knowing the root cause of the blocks: if you are seeing this message, you have something catching wrongly on logins.
So, you can eliminate the problem temporarily, by going to your Options page and unchecking “Enable login security”.
With Login Security turned off, these blocks and this message cannot happen. You can then keep the rest of WordFence’s security measures running while you figure all this out, not leaving yourself wide open to the world by having the whole plugin disabled. 🙂
Secondly, the only thing that can produce this particular error message is if WordFence (rightly or falsely) believes that users are trying to log in with a banned user name.
So you might want to check the content of your banned user list.
(Setting on Options page: Immediately block the IP of users who try to sign in as these usernames).
Third, if your banned user list does not contain any goofy things, have you by any chance enabled any other security/login related plugins recently? Such as “User Blocker” or any other plugins that can add to the authentication chain in WordPress?
Hello @ntjedge
Do you know if there is a reverse proxy configured on your server or not?
Getting the server IP logged in Live Traffic instead of the real visitor’s IP is an indicator of this issue explained here.
I have a doubt that “How does Wordfence get IPs” isn’t configured correctly. Can you please share a screenshot showing (Wordfence > Tools => Diagnostics => IPs section)? Or, even better, you can email the diagnostics report to “alaa [at] wordfence [dot] com”. Make sure to include the forum username so I can easily recognize the report.
Thanks.
Hi,
Thank you @crudhunter for your suggestions.
1 – I disabled the option “Enable login security” and cleared the Blocked IP list. Now I can view the website & so can my users. I wonder how I missed that option in the first place!
2 – Nobody was trying to log in, the homepage itself was blocked. Even when coming from search engines. I checked the banned user list, nothing out of order.
3 – My plugins list is very conservative. Nothing that touches anything that does anything with WordPress logins :). Not even a caching plugin.
Here’s the list, if it helps.
– Contact Form 7
– Developer Mode
– Duplicate Post
– Really Simple SSL
– Slider Revolution
– Templatera
– Wordfence Security
– WP Migrate DB
– WP-SpamShield
– WPBakery Visual Composer
Yup, that’s all. I have disabled Duplicate Post, Templatera & WP Migrate DB as I don’t need them currently.
Could any of those plugins, according to you, mess with the WordPress authentication chain?
Thanks again for your assistance!
Hi @wfalaa, thank you for chiming in.
> Do you know if there is a reverse proxy configured on your server or not?
As far as I know, I don’t think so. I am not using CF. Nothing has changed recently on my server either, nor on my website. If something had changed on my server then it should have affected my other sites too (all running auto-updated WordPress with Wordfence – some using CF, some not) with a similar set of plugins – I stick to the ones I have been using for long.
I followed your link about server IP logged in Live Traffic instead of the real visitor’s IP. My site is currently set to “Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites”. I guess that’s the default?
Surprisingly, it is showing my current IP address just below the drop-down. On enabling Live Traffic, I can see that it is showing the correct IPs of the visitors – no more server IPs. And I didn’t make any changes that might have ‘fixed’ the issue. Somehow it’s back to normal.
I cannot re-enable the option “Enable login security” for now and risk blocking all visitors again. I will do it later in the day when the traffic is lower. I will also email you the report if required once I test it.
Thank you for your assistance in this matter 🙂
There is one more level of security you can turn back on first, if you now know that it is overall working.
As mentioned, that particular block message “Blocked by login security setting”, can ONLY be seen under a combination of two conditions.
a) Login Security (which is a global switch for all login sec) must be on.
b) WordFence under Login Security checks multiple things. That message can only happen, when WordFence for some reason thinks it has hit a user name in your “Immediately block the IP of users who try to sign in as these usernames” setting.
From that, it would logically follow, that if you first clear that user-name list, make sure that field is completely empty, you can turn back on the “Login Security”, to regain all the other checks. It then still could/should not be able to find banned usernames to produce the “Blocked by login security setting” on. 🙂
If you see that message again, but with an empty blocked users list, something is going VERY haywire, since PHP would seem to have stopped executing logically. 🙂
Before you clear it, please save a copy, so you can tell us what was in it. 🙂
Nothing with authentication issues in your plugins list, that I can see.