False Positives on Login

  • Resolved dankop

    (@dankop)


    4 years, 3 months ago

    I’m getting pretty consistent false positives when I’m trying to login into my website – the usual –

    Request Cooldown in effect. You must wait 3 seconds before attempting this action again.
Warning: Repeated login attempts that fail will result in a complete ban of your IP Address.

    However, even if I wait 3 seconds, or more, I get denied access again, and again. This is usually only solved (sometimes) by closing the tab in the browser, and opening the website in a new one.

    Is there any way to prevent this from happening? I don’t have a static IP address.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Paul

    (@paultgoodchild)

    Do you have a lot of users on your site? Is it possible other people are triggering the login cooldown besides yourself?

    The cooldown isn’t just against your IP, it’s for the entire site.

    Also, if you have a lot of bots trying to access your site and sending requests to your login page, you’ll have a similar problem.

    I would suggest you try lowering your cooldown period so it’s less likely you’ll get blocked.

    Thread Starter dankop

    (@dankop)

    Yeah, that’s seems to be the issue. I get a bot login attempt every 10 seconds or so based on the Audit Trail.

    I’ve now enabled the “Hide WordPress Login Page” option in the plugin. Hopefully it stops some of the bot attempts.

    Any other suggestions in dealing with bots? If not, thanks anyways, I understand the issue now. Cheers.

    Plugin Author Paul

    (@paultgoodchild)

    The paid version has more rules in there and options for blocking repeated probing activity from bots such that they’ll be entirely blocked from accessing a site if they’re persistent.

    Make sure under Block Bad IP/Visitors > Login Bots > Failed logins is set to increment

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘False Positives on Login’ is closed to new replies.