Banned Usernames, IP Banning

Hi @margomm

Sorry to hear you are having this issue.

I tried to replicate it on my website but it works fine.

Can you please double-check if the lockout is not set to a low timeframe?

Also, please let us know which caching plugin you are using, we got some reports in the past for similar issues on caching plugins, but it is related to caching plugin serving a cached version instead of lockout.

Also, Defender blocks the IP of my server:
[error] [client IP of my server] : client denied by server configuration: /wp-content/plugins/defender-security/languages/wpdef-default.pot,

Did you find the IP on Defender > Firewall?

If so, can you go to Defender > Firewall > Log and filter per your server IP.

The plugin is not supposed to block any server IP, we do apply the prevent execution rule on Defender > Recommendation but it is a server rule, Defender will only implement it for safety.

Best Regards
Patrick Freitas

Hello!
Please tell me which one to set for the lockout and in which section?
Hummingbird Caching Plugin
What is the correct way to make blocking exceptions for a caching plugin?

Server IP in exceptions
My hosting said the plugin is trying to ping itself.
Denying the server to files:
/wp-content/plugins/defender-security/languages/wpdef-default.pot
/wp-content/uploads/wp-defender/index.php
affects the correct operation of the plugin?

Hi @margomm

Thanks for response!

Let me get a step back though.

1.

blocked Usernames receives server response 200
blocked IP receives server response 200 after 3 attempts to access the site

Please tell me which one to set for the lockout and in which section?

You need to check settings of “Defender -> Firewall -> Login protection”. There’s a “threshold” option that sets the time after which the ban happens. If it’s set to, for example, 3 failed login attempts and 300 seconds timeframe it means that a ban will happen only if these three attempts are within 300 seconds.

If there are e.g. two attempts in 300 seconds and third one after 350 seconds, it doesn’t count.

2.

Also, Defender blocks the IP of my server:
[error] [client IP of my server] : client denied by server configuration: /wp-content/plugins/defender-security/languages/wpdef-default.pot, referer https://my_site/wp-content/plugins/defender-security/languages/wpdef-default.pot
[error] [client IP of my server] : client denied by server configuration: /wp-content/uploads/wp-defender/index.php, referer my_site/wp-content/uploads/wp-defender/index.php

It doesn’t have anything to do with Defender blocking any access. It’s the opposite: it only means that your server blocked direct access to those files (in this case files belonging to Defender) which is a good thing for security. It doesn’t mean that Defender is blocking your server and doesn’t require changes in Defender.

But that is true that the plugin is trying to “ping itself”. It’s related to “self check” of the “Prevent PHP Execution” and “Prevent Information Disclosure” security recommendations (as in “Defender -> Recommendations” settings) and actually means that they are both working as expected (since server denies the access).

So that’s a good thing and expected.

3.

Hummingbird Caching Plugin
What is the correct way to make blocking exceptions for a caching plugin?

Hummingbird has no any “blocking” options so I’m not quite sure what do you mean here. Are the Defender “lockout screens/messages” cached for you in Hummingbird?

If yes, this would usually be directly related to some additional cache active on site or server as Hummingbird itself wouldn’t be caching such screens.

Kind regards,
Adam

Hello @margomm ,

We haven’t heard from you for several days now, so it looks like you don’t have more questions for us.

Feel free to re-open this ticket if needed.

Kind regards
Kasia

Thanks! I managed. I figured it out and the Defender blocks unnecessary bots and IP.
Another question.
1.How to specify the USER AGENT correctly, if his name consists of several words and symbols, for example:
Keyword Density/0.9
[email protected]
T-H-U-N-D-E-R-S-T-O-N-E
Web Image Collector
Screaming Frog SEO Spider/16.3
YottaShopping_Bot
Go http package
best-seo-solution.com

You need to put a backslash before spaces and punctuation marks:
Keyword Density\/0\.9
scaninfo@expanseinc\.com
T\-H\-U\-N\-D\-E\-R\-S\-T\-O\-N\-E
Web\ Image\ Collector
Screaming\ Frog\ SEO\ Spider\/16\.3

2. Only the USER AGENT part can be specified, for example:
instead of Screaming Frog SEO Spider/16.3, write seo?

Hi @margomm,

Please try using the following as User-Agent,

YottaShopping_Bot

If that’s not working, can you please share the log file from where you found the above-mentioned User Agent so that we can take a closer look?

Kind Regards,
Nebu John