Can't login to change my settings against continuous lockout

You could rename the better-wp-security folder in order to be able to log into WP Dashboard again. Once logged in you can rename the folder back to better-wp-security. But there is a risk that you will get locked out again…

If so find out your (v4) ip address.

Then add your ip address to the whitelist using these instructions:

– Log into phpMyAdmin
– Click on the [prefix]options table in the left pane.
– Click on the SQL tab in the right pane.
– Execute: SELECT * FROM [prefix]options WHERE option_name=’itsec_global’
– Doubleclick on the serialized data displayed under the option_value column.
– Find: s:18:”lockout_white_list”;a:1:{i:0;s:15:”###.###.###.###”;}
Verify you current ip address matches the whitelisted ip: “###.###.###.###”.
If there is no match, change s:15:”###.###.###.###” into your current ip address. For 111.111.111.11 it would be: s:14:”111.111.111.11″

– If there is no ip address whitelisted find: s:18:”lockout_white_list”;a:0:{}
Then replace a:0:{} with a:1:{i:0;s:15:”###.###.###.###”;}
where ###.###.###.### should be substituted with your current ip address. For 111.111.111.11 it would be: a:1:{i:0;s:14:”111.111.111.11″;}

– Click anywhere outside the serialized data box to save changes.

[prefix] should be substituted with your database tables prefix (eg: wp_).

Needless to say the above procedure is at your own risk and should only be performed after creating a database backup.

dwinden

Thanks Dwinden. What can I do if I work off a laptop that changes ip addresses?

Hi Dwinden, I don’t seem to have a prefix option in the left pane and when I execute SELECT * FROM [prefix]options WHERE option_name=’itsec_global’, it returns the following error.

Error
SQL query: Documentation

SELECT *
FROM [prefix]options
WHERE option_name = ‘itsec_global’
LIMIT 0 , 30

MySQL said: Documentation

#1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘[prefix]options WHERE option_name=’itsec_global’
LIMIT 0, 30′ at line 1

All I have in the left pane is my username and dropdown and then information_schema and dropdown. Are you able to help me?

Thanks!

@didoh

The instructions in my previous update are for adding an IP to the iTSec plugin permanent whitelist.

Even though it seems your laptop is configured to use dynamic ip addresses the instructions still might help you to get in and release lockouts or reconfigure the iTSec plugin settings.

The iTSec plugin does have another (temporary) whitelist setting. Which, considering you are using dynamic ip addresses, would probably make more sense to use.

However based on your last post I think we better look for an easier solution.

So ignore my previous instructions and try this instead.

Rename the better-wp-security folder in order to be able to log into WP Dashboard again. Once logged in create a new administrator user.
Logout, rename the folder back to better-wp-security and then login using the new administrator user name.

In the iTSec plugin Dashboard screen click on the blue Temporarily Whitelist my IP button.

Logout and login again using the old (locked out) user name. Because your dynamic ip address has been temporarily whitelisted you will not be locked out for 24 hours.

These instructions basically solve the issue as reported in this topic. But you need to do more in order to prevent this from happening again. It seems your website is leaking user name(s) or they are too easy to guess …
And probably anyone can access your WP Dashboard login page. Hence the user lockouts you are experiencing.
Fix that and you are back in control.

dwinden

@didoh

If my previous post helped you to solve your issue please mark this topic as ‘resolved’.

dwinden

@didoh

If you require no further assistance with this topic please mark it as ‘resolved’.

dwinden