HTTP response code 503 – Reason: Blocked by login security setting

  • Resolved 247web

    (@247web)


    6 years, 7 months ago

    My clients are panicking when they get this message on the screen (over 8 websites are effected) – it causes total confusion and clients send frantic emails to our hosting company, support, etc, etc. –

    They try to follow the part “important note for the site admins” (LOL!) and wonder why its not working.

    (1) It appears to all users that fail the login or password more than 5 times (settings block for 2 hours).

    (2) Surely it is not necessary to display all this text – just up to the “important note part”?

    (3) The message is misleading … “try again in a few minutes?” – (a) what if blocking has been set to 2 hours or more? (b) Clients with access to “admin” think that it applies to them as well.

    (4) Why on earth should those other instructions appear to non admin users and more importantly, you are even telling a hacker what software we are using! This has got be a security problem!

    (5) How do we remove this extended text? Surely, any administrator worth their salt will know how to proceed – they dont have to be told what to do.

    This is the message in question:

    Your access to this site has been limited
    Your access to this service has been temporarily limited. Please try again in a few minutes. (HTTP response code 503)
    Reason: Blocked by login security setting
    Important note for site admins: If you
    are the administrator of this website note that your access has been
    limited because you broke one of the Wordfence advanced blocking rules.
    The reason your access was limited is: “Blocked by login security setting”.

    If this is a false positive, meaning that your access to your own site
    has been limited incorrectly, then you
    will need to regain access to your site, go to the Wordfence “options”
    page, go to the section for Rate Limiting Rules and disable the rule
    that caused you to be blocked. For example,
    if you were blocked because it was detected that you are a fake Google
    crawler, then disable the rule that blocks fake google crawlers. Or if
    you were blocked because you
    were accessing your site too quickly, then increase the number of
    accesses allowed per minute.

    If you’re still having trouble, then simply disable the Wordfence advanced blocking and you will
    still benefit from the other security features that Wordfence provides.

    If you are a site administrator and have been accidentally locked out,
    please enter your email in the box below and click “Send”. If the email
    address you enter belongs to a known site administrator or someone set
    to receive Wordfence alerts, we will send you an email to help you
    regain access. Please read this FAQ entry if this does not work.
    :

Viewing 3 replies - 1 through 3 (of 3 total)
  • Adam

    (@adamlachut)

    Your clients get this message because you have enabled this feature (‘Brute Force Protection’) and you have set up (too restricted) rules.

    A.

    Thread Starter 247web

    (@247web)

    Adam, yes of course I know that – I have been a WF user for many many years.

    These were my questions

    (2) Surely it is not necessary to display all this text – just up to the “important note part”?

    (3) The message is misleading … “try again in a few minutes?” – (a) what if blocking has been set to 2 hours or more? (b) Clients with access to “admin” think that it applies to them as well.

    (4) Why on earth should those other instructions appear to non admin users and more importantly, you are even telling a hacker what software we are using! This has got be a security problem!

    (5) How do we remove this extended text? Surely, any administrator worth their salt will know how to proceed – they dont have to be told what to do.

    Thank you.

    Hi @247web,

    Our developers are working on a feature to customize the text users see when they are locked out or blocked; and the “Locked out” page is being redesigned.

    (For reference the internal ticket is #FB521)

    For information, other users have chosen to modify the code in order to customize the “Locked out” page, but this is not something we recommend –also, all changes will be overwritten every time you update Wordfence.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘HTTP response code 503 – Reason: Blocked by login security setting’ is closed to new replies.