Login Security blocks access for all users – reset email doesn’t work

  • Resolved ftahumour

    (@ftahumour)


    4 years, 9 months ago

    In short Im currently attempting to evaluate the functionality of this product with a view to buying the premium version but I am facing some very confusing information and behaviour which is making me reluctant to pay only then to find out it’s limitations.

    1. Login security was enabled with 10 false positive attempts within 2hrs = 1 day lockout. In addition RecaptchaV3 was enabled. My admin account was also 2FA enabled.
    The plugin reported various false positives over the past X days and has subsequently locked “everybody” out of the site, myself included – “Your access has been temporarily limited by the site owner” HTTP response 503!

    Ok, but using the “send unlock email” on the notification page does nothing! I have tested that SMTP is functional on my site and I’m able to send test email to 2 site admin email addresses. Neither one of those received any email to help unlock the Wordfence lock. I had to SFTP to regain access to my site?

    2. ALL of the live traffic notifications (false positive login attempts + genuine site users/admins logins) are being reported in the list with the same source IP address, the same Geo location and hostname! This address = my hosting provider (Everyone = the same source IP and host information, which is incorrect as I can evidence logins from known users in a different Geo location)! I’m perplexed regarding this behaviour.

    Env = Apache
    WP = 5.4.2
    PHP = 7.2.29

    Site specifics will only be provided on request and in private.

    Please help me understand this product/behaviours so I don’t have to ditch it so early on and look for another solution.

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hey @ftahumour,

    Thanks for the detailed information.

    The 503 error likely is related to the Rate Limiting feature.

    https://www.wordfence.com/help/firewall/rate-limiting/

    It sounds like Wordfence may not be correctly identifying your IP. Can you please check your How does Wordfence get IPs to see if your IP is being shown? If it isn’t, can you please cycle through the settings until it does?

    https://www.wordfence.com/help/dashboard/options/#general-wordfence-options

    Regarding the reset email issue, just to be certain, have you checked your spam/junk?

    Please let me know what you find.

    Thanks,

    Gerroald

    • This reply was modified 4 years, 9 months ago by WFGerroald.
    • This reply was modified 4 years, 9 months ago by WFGerroald.
    Thread Starter ftahumour

    (@ftahumour)

    Hi Gerroald,

    Thanks for the response.

    The WF IP identification has now been resolved. It took a while to figure out that the hosting provider has migrated hosts as part of an upgrade and had then created forwarders to redirect to the new host. This in fact was the route cause as it was reporting the old host IP for ALL login attempts in the Firewall. Once I changed the A records in my registrar and allowed this to propagate then that issue was resolved. I did have to switch from Recommended to CDN and save, then revert the configuration and save again to reflect this in WF, but that may have been co-incidental.

    The issue with emailing during the 503 event still stands. I was able to verify after I created a second Administrator account and then attempted to login from the same geo location (login with 2 different accounts from the same IP), my primary account was then locked and when I requested for an email to be sent to me to unlock, nothing happened. No emails in spam/junk etc. I have separately tested sending the WF report to my email account and that works fine, so unsure as to why the recovery part isnt working. I’m using the WP Mail SMTP plugin so I can use use a domain managed service account that is O365 licensed for SMTP purpose, not sure if this is relevant or not, but its working for all other functions relying on SMTP for reporting/notifications, etc.

    Hey @ftahumour,

    Thanks for the update, and happy to hear you were able to track down the IP issue.

    When sites have trouble sending emails I typically advise using an SMTP plugin, so I don’t think it’s the issue. I know you mentioned these are the only emails you are not receiving, but for the sake of being thorough can you please try one more test by navigating to Tools > Diagnostics > Other Test, which is at the very bottom of the page. You’ll notice two options to send test emails.

    Send a test email from this WordPress server to an email address
    Send a test activity report email

    If they both arrive as well I’ll bump the developers for their thoughts.

    Please let me know how it goes.

    Thanks,

    Gerroald

    • This reply was modified 4 years, 9 months ago by WFGerroald.
    Thread Starter ftahumour

    (@ftahumour)

    Hi Gerroald,

    already done this earlier in the day whilst troubleshooting. Both tests were successful.

    Sorry to bear bad news on this one.

    Hey @ftahumour,

    I’m bumping the developers on this.

    As one last test ( for now ?? ) can you try disabling the SMTP plugin and let me know if it helps? I’ll be honest, I don’t think it’s the cause, but it could be and I’d like to gather as much information as I can to share.

    Thanks,

    Gerroald

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Login Security blocks access for all users – reset email doesn’t work’ is closed to new replies.