error – You have been locked out of this site

  • Resolved bejjja

    (@bejjja)


    3 months ago

    Hi, several weeks (more than a month) i did some changes in my wordpress bkcs.cz. Something happened, and now, no one is able to get to wp-admin. Error picture is connected to better wp security pluging, so i try to find help here. Restore from backup is not working, cause i dont have so old one.

    What could happen? Can you help me?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • nlpro

    (@nlpro)

    @shanedelierrr

    For a moment I was tempted to advise to add the ITSEC_DISABLE_MODULES constant to the wp-config.php file as described in the Solid Security FAQ below:

    How Do I Disable All Features If I Can’t Access My Site?

    (Even though I know a temporary lockout expires automatically after 15 minutes by default).

    But I started to have doubts… so I checked the plugin lockout code. It seems adding the constant does not disable/ignore active (temporary) lockouts!

    So I did a test and I can confirm that adding the ITSEC_DISABLE_MODULES constant to the wp-config.php file does not disable/ignore active (temporary) lockouts.

    I know that the lockout code isn’t implemented as a module (it’s embedded in the plugin core code) so looking at this from that perspective it all makes sense. Still I wonder should the constant also disable/ignore active (temporary) lockouts ? I think it could be usefull. Or perhaps even better, introduce a new constant (ITSEC_DISABLE_LOCKOUTS) for disabling only the lockout code (similar to the constant ITSEC_DISABLE_TWO_FACTOR for disabling only the Two Factor module).

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @bejjj, apologies for the slow turnaround here!

    The lockout screen you’ve experienced was most likely the (temporary) active lockout which expires after 15 mins. Can you please confirm that you can now log into your site without issues? If you’re still seeing the lockout screen, please let us know and we’ll dig further. Thank you!

    Hi @nlpro, great observation! I also tested on my end and the ITSEC_DISABLE_MODULES?constant did not disable the active lockout I triggered on my test site. I’ll escalate this to our dev team to confirm whether that constant should include active lockouts or not. If it’s expected not to include it, I’ll add your suggestion as a feature request. Thank you!

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @nlpro, thanks for waiting!

    I got a confirmation from the team that the ITSEC_DISABLE_MODULES?constant would only prevent new lockouts from being added, but existing lockouts would still be executed. For now, I’ve added your idea of a different constant to disable existing/active lockouts. I hope this helps.

    Hi @bejjja, hope all is good on your site!

    Tracking notifications on this forum can become tricky over time, and since we haven’t received a response, I’ll mark this post resolved. If you still require further assistance, feel free to open a new support topic, and we’d be happy to assist. Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.

Tags