• Resolved n00b82

    (@n00b82)


    My site has been having brute force attacks and 404 notifications for months. I thought I had the security settings as strict as I could get them, with my IP whitelisted on both AIO and the Smart 404 add-on. But today I was locked out. I disabled AIO and found a new user had been created, and my admin email address changed. I’ve been changing and updating as much as I could, but I’m not sure how it happened in the first place.

    I did not find my IP in the htaccess file.
    When I re-activated AIO I was blocked again. Disabled, I can log in.
    I tried re-installing from WP and not my backup, but was locked out again.

    Can you please help me?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, can you try the following solution. Let me know if this helps you in any way.

    Thank you

    • This reply was modified 7 years, 5 months ago by mbrsolution.
    Thread Starter n00b82

    (@n00b82)

    Thank you. I did that, and still had the same problem when I tried to re-install a fresh version of AIO.

    I also de-activated all plugins, and turned them back on one at a time. I was only blocked when I turned on AIO, even after running the settings re-set plugin. I cleared my cookies and tried logging in from another browser also.

    I ran the AIO settings reset a second time, deleted the new version of AIO security, re-installed from WordPress again, and it seemed to work. But there was an added user I did not authorize, pages were changed, email addresses were changed. Is there a way to figure out how it happened so I can prevent it from happening again? I’m already getting 20 or more 404 errors a day again.

    Thank you again

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, that is very strange what you mentioned in the following comment.

    But there was an added user I did not authorize, pages were changed, email addresses were changed.

    Is your site a membership site?

    Do you have more than one admin user in your site?

    Thread Starter n00b82

    (@n00b82)

    It is not a membership site. I had it set so that new users had to be manually approved. I thought I hid the registration page. I am the only admin for the site.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    What firewall settings have you enabled? Do you have Rename Login Page under Brute Force enabled? Do you have any other security plugin installed in your site?

    Thread Starter n00b82

    (@n00b82)

    Firewall settings by tab:
    Basic Firewall Rules tab – everything is checked, however, I did not have the Completely Block Access To XMLRPC option checked when the problem happened
    Additional Firewall Rules tab – everything is checked
    6G Blacklist Firewall Rules tab – both options checked
    Internet Bots tab – check
    Prevent Hotlinks tab – check
    404 Detection tab – check – still getting 404 errors
    Custom Rules tab – I don’t know how to do that so there’s nothing there

    Rename Login Page – yes I was using that when this happened. I am now using the cookie based option.

    Other security plugins – the only other plugin I had at the time was the AIO Smart 404 plugin that goes with the AIO plugin. I have my IP white listed.

    Thank you

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, did you remove the user who was not authorized?

    In regards to the following comment. Have you now enabled completely block access to XMLRPC?

    Basic Firewall Rules tab – everything is checked, however, I did not have the Completely Block Access To XMLRPC option checked when the problem happened

    In regards to the following comment. Only one feature should be enabled, the 6G.

    6G Blacklist Firewall Rules tab – both options checked

    Once the above is carried out, keep monitoring this. Report back if it happens again.

    Regards

    Thread Starter n00b82

    (@n00b82)

    Unauthorized user – yes that was the first thing I did. I also changed from the login URL to the cookie based login, changed all passwords, made sure my IP was the only one whitelisted, and started with a new htaccess because I was not sure if the file had been tampered with.

    XMLRPC – yes, now it is checked.

    6G – thank you, 6G is the only option checked now.

    Thank you for your help!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Are you still being blocked? Are you still receiving Brute Force attacks?

  • The topic ‘Blocked from accessing dashboard’ is closed to new replies.
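
For the question in the thread about working out how the unauthorized user and email change happened, the web server access log is one place to start. The following is an added example, not part of the original thread or the plugin's code: it assumes an Apache combined-format access log, and the sample lines, IP addresses, threshold and the function name `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:04:11:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [01/Jan/2024:04:11:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [01/Jan/2024:04:11:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
198.51.100.23 - - [01/Jan/2024:04:12:10 +0000] "GET /backup.zip HTTP/1.1" 404 512 "-" "-"
198.51.100.23 - - [01/Jan/2024:04:12:11 +0000] "GET /old/wp-config.bak HTTP/1.1" 404 512 "-" "-"
198.51.100.23 - - [01/Jan/2024:04:12:12 +0000] "GET /test.php?x=1 HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [01/Jan/2024:04:15:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
203.0.113.7 - - [01/Jan/2024:04:15:40 +0000] "POST /wp-admin/user-new.php HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [01/Jan/2024:09:00:00 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [01/Jan/2024:09:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "-"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
AUTH_PATHS = ("/xmlrpc.php", "/wp-login.php")  # login endpoints hit by brute force
# Admin screens whose POSTs create users or save site settings (incl. admin email).
ADMIN_WRITE = ("/wp-admin/user-new.php", "/wp-admin/options.php")

def triage(log_text, trusted_ips=(), threshold=3):
    """Summarise login bursts, 404 scanning and admin writes from untrusted IPs."""
    auth_posts, not_found, admin_writes = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, status = m["ip"], m["method"], m["status"]
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if method == "POST" and path in AUTH_PATHS:
            auth_posts[ip] += 1
        if status == "404":
            not_found[ip] += 1
        if method == "POST" and path in ADMIN_WRITE and ip not in trusted_ips:
            admin_writes.append((m["ts"], ip, path))
    return {
        "auth_bursts": {ip: n for ip, n in auth_posts.items() if n >= threshold},
        "scan_404": {ip: n for ip, n in not_found.items() if n >= threshold},
        "admin_writes": admin_writes,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, trusted_ips={"192.0.2.10"}))
```

An entry in `admin_writes` gives a timestamp and source address to line up against the time the unknown user appeared; the login requests from the same address just before it show which endpoint was used.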