• Resolved hwhitney

    (@hwhitney)


    I’ve used this plugin for a while without issue but recently I have been having a problem where users, including the admin account, are getting locked out, even though there have been no failed login attempts from that location or account. Looking through the logs I see the same handful of IP’s being locked out, even though users are not on related networks in any way (individual customers in different states etc.). My guess is that the blocked IPs are coming from my hosting server and not the actual addresses of the login attempts? I don’t know what to do about this.

    This is my Debug info:

    HTTP_X_FORWARDED_FOR = IP0
    HTTP_X_REAL_IP = IP0
    HTTP_X_SUCURI_CLIENTIP = IP0
    REMOTE_ADDR = IP1

    Thank you!

    EDIT: I started looking up the WhoIs data on the blocked IP addresses and they are all coming up as related to Sucuri which I believe is the firewall service provided through our Godaddy host.

    • This topic was modified 1 year, 11 months ago by hwhitney.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Your server detects IPs incorrectly. You can fix that by adding HTTP_X_SUCURI_CLIENTIP to your Trusted IP Origins setting.

    Thread Starter hwhitney

    (@hwhitney)

    Thank you, hopefully that will solve the issue!

    Thread Starter hwhitney

    (@hwhitney)

    Hello again. I thought that your solution solved the problem, but over the weekend I had the same problem happen twice again. This is what shows up in my logs. Both those IP’s show up frequently in the blocked logs from the previous instances of having this issue:

    Date IP Tried to log in as Gateway

    May 30, 2023 13:22 185.93.229.19 [email protected] (1 lockouts) wp_woo_login Unlocked

    May 29, 2023 00:55 66.248.200.19 [email protected] (1 lockouts) wp_woo_login Unlocked

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Erroneous lockouts’ is closed to new replies.