I always get locked out!

  • Resolved poimandres

    (@poimandres)


    4 years, 8 months ago

    I can’t log in to my site. This plugin never lets me in. I have to delete it manually. Only then can I log in. If I then reinstall it, reactivate it and log out, I get locked out again! It always says:

    “ERROR: Too many failed login attempts. Please try again in 18 hours.
    You can also try resetting your password and that should help you to log in.”

    Waiting 18 hours doesn’t work.

    Resetting my password doesn’t work.

    I added my IP in the Whitelist box. That didn’t work, either.

    Also, in the list of lockouts, I see hundreds of lockouts per day. Is that normal?

    Can anyone help, please?

Viewing 15 replies - 1 through 15 (of 16 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Please copy and paste here information from the Debug tab of the plugin.

    > Also, in the list of lockouts, I see hundreds of lockouts per day. Is that normal?

    This means your site is under attack, like many others. Pretty normal nowadays.

    Thread Starter poimandres

    (@poimandres)

    Thanks, I appreciate your attempt to help, but I deleted the plugin. Not sure what the problem was.

    Thread Starter poimandres

    (@poimandres)

    I have installed a different plugin that limits login attempts, and I am seeing the same problem! I am constantly being locked out. All I see every time I try to log in is:

    “ERROR: Too many failed login attempts. Please try again in 24 hours.”

    Can anyone tell me what’s going on, please?

    Thread Starter poimandres

    (@poimandres)

    I have reinstalled the Limit Login Attempts Reloaded plugin, as it’s the most popular one, but I am still getting locked out. The only way I can log in is if I delete the plugin using FTP. After I log back in, I always reinstall the plugin because I need the security.

    Why do none of these limit login attempt plugins work on my site? I always see:

    “ERROR: Too many failed login attempts. Please try again in # hours.”

    Can anyone help, please?

    Plugin Author WPChef

    (@wpchefgadget)

    > Why do none of these limit login attempt plugins work on my site? I always see:

    B/c your server is misconfigured.

    Please copy and paste here information from the Debug tab of the plugin.

    Thread Starter poimandres

    (@poimandres)

    Thanks, WPChef.

    I still have this problem! The only way I can log in is if I delete the plugin first using FTP. I must then reinstall it immediately because people are always trying to get in.

    The Debug info box contains this:

    HTTP_X_MIDDLETON_IP = IP0
    HTTP_X_REAL_IP = IP0
    REMOTE_ADDR = IP1

    If you can help, I’ll be very grateful. ??

    Hi, I have a similar problem, Pluggin reports a lot of login attemps for all my users and users that actually doesn’t exist, but all these attemps are reported with the same ip, that actually is my server ip. help please.

    Plugin Author WPChef

    (@wpchefgadget)

    Hi guys,

    @poimandres to solve this via the plugin, you should put “HTTP_X_REAL_IP” into the trusted IP origins field. This is highly not recommended though! You should ask your hosting provider to fix the problem with your REMOTE_ADDR being incorrect.

    @omaraf please copy and paste here information from the Debug tab of the plugin.

    Hi, this the information for the Debug tab.

    HTTP_X_REAL_IP = IP0
    HTTP_X_FORWARDED_FOR = IP0
    REMOTE_ADDR = IP1

    As an adittional information I use NGINX in my server, help me please.

    This is the report of blocked accounts from the pluggin.
    Limit_login_attemps_report

    • This reply was modified 4 years, 7 months ago by omaraf.
    • This reply was modified 4 years, 7 months ago by omaraf.

    HI

    I am facing exactly the same issue since 4-5 hours.

    To login I have to disable the plugin from my cpanel.

    But the moment I activate it the issue starts recurring.

    The debug log

    HTTP_X_FORWARDED_FOR = IP0
    HTTP_X_REAL_IP = IP0
    HTTP_X_SUCURI_CLIENTIP = IP0
    REMOTE_ADDR = IP1

    Please suggest a solution.

    Regards

    Shailesh

    Hi, the problem is because NGINX, pluggin
    recognizes all ip’s with the same number. Try adding “HTTP_X_REAL_IP” into the trusted IP origins field. It works for me.

    kenhampel

    (@kenhampel)

    All IP addresses are the same and all users keep getting locked out. Please help.

    REMOTE_ADDR = IP0
    HTTP_X_FORWARDED_FOR = IP1
    HTTP_X_REAL_IP = IP2

    Kage

    (@kagesausage)

    Hi, @wpchefgadget

    I’ve got these debug info, please help.

    HTTP_X_REAL_IP = IP0
    HTTP_X_FORWARDED_FOR = IP0
    REMOTE_ADDR = IP1

    Please suggest a solution.

    Thanks & Regards!!
    Kage

    Plugin Author WPChef

    (@wpchefgadget)

    Hi guys,

    Adding “HTTP_X_REAL_IP” into the trusted IP origins field should help.

    Kage

    (@kagesausage)

    Hi @wpchefgadget

    I’ve added into trusted IP origins like this:
    Trusted IP Origins –> HTTP_X_REAL_IP, REMOTE_ADDR

    Was this format alright? Because I still got debug info:
    HTTP_X_REAL_IP = IP0
    HTTP_X_FORWARDED_FOR = IP0
    REMOTE_ADDR = IP1

    May I also ask:
    1. what is the meaning of HTTP_X_REAL_IP?
    2. what is the meaning of “HH hours until retries are reset”?
    3. If admin has been locked up, how to login to back end for managing website?

    Please suggest a solution.

    Thanks & Regards!!
    Kage

    • This reply was modified 3 years, 11 months ago by Kage.
    • This reply was modified 3 years, 11 months ago by Kage.
Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘I always get locked out!’ is closed to new replies.