Plugin blocking all login

  • Resolved doctorkaraca

    (@doctorkaraca)


    5 years, 8 months ago

    I just noticed this morning that a brute attack was attempted by somebody on my site. The plugin worked as it should and blocked access. However I think it banned every IP, not just the attacker’s. As the admin I was not able to login despite changing my IP several times. It is important to note that even before I attempted login I got a message saying “1 attempt remaining.” I could reproduce this on other sites I manage as well. I had to disable the plugin for now. Is anybody else having this problem?

Viewing 13 replies - 1 through 13 (of 13 total)

  • I am also having this issue after the latest update. The plugins is not working properly. I have whitelisted some of my ip’s but i am no longer able to log-in from that ip’s also. when someone enter the wrong password more than three times then the plugin should locked the particular ip however, every ip’s are locked. If you want to disable the plugins simply go to your cpanel go to wp-content/plugins folder and simple rename the plugins and that will be deactivated automatically. surprisingly, the login attempts are made from my own ip itself (where i have hosted my website). This is crazy.

    I’m having the same problem with our customer websites. Had to deactivate the plugin via ftp …

    Me too – I was impressed the plugin stopped the brute force attack but now I can’t login even with the correct wp-admin credentials. Just get a “too many login attempts” error.

    Me too. The same as above.
    I hope the plugin developer is working to correct this issue.

    Guys remove that plugins and install Wp Cerber Security.
    This one is quite good and i am using this

    https://wpcerber.com/

    Plugin Author WPChef

    (@wpchefgadget)

    Hi guys,

    Do you use any type of dns/proxy services, like CloudFlare?

    I use OpenDNS https://www.opendns.com/

    I have OpenDNS DNS servers configured on my computer.

    Would that be causing the Limit Login Attempts Reloaded lockouts?

    I have been locked out only once thus far, but almost every time I have to paste in the login URL, user name, and password into the browser two or three times before I can actually get into the WordPress dashboard, a real pain in the tail. Once in awhile I have to rename the Limit Login Attempts Reloaded directory so I can get into an account. Hopefully we can figure out why and fix it before I go insane…

    Thread Starter doctorkaraca

    (@doctorkaraca)

    Any of you using HostGator as host? I believe there was a configuration error (they switched to another version) on their part where Apache was returning host IP instead of client IP. They were aware of this situation and they were fixing it at server level. It seems to have been resolved now. The plugin is working as it should for me.

    • This reply was modified 5 years, 7 months ago by doctorkaraca.
    • This reply was modified 5 years, 7 months ago by doctorkaraca.

    Attention: 2by2host

    Why did you ask “Do you use any type of dns/proxy services, like CloudFlare?”?!

    Plugin Author WPChef

    (@wpchefgadget)

    Hello guys,

    We have uploaded a new version of the plugin.

    The plugin doesn’t trust any IP addresses other than _SERVER[“REMOTE_ADDR”] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER[“REMOTE_ADDR”] with wrong IPs which leads to mass blocking of users.

    Please try it out.

    Thread Starter doctorkaraca

    (@doctorkaraca)

    Thank you! It works normally now.

    Sorry for replying to a solved thread. Which plugin was causing this issue with everyone? I am now having the same problem with all admin users. Our host is GoDaddy. Thanks.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Plugin blocking all login’ is closed to new replies.