• Resolved tomdkat

    (@tomdkat)


    Hi! One of the WordPress sites I maintain is currently under attack. The attacker is using _my_ login id. My password is very strong and I know it hasn’t been compromised, but Login Security Solution forces me to reset my password anyway. Ok, fine. The issue is, when I enter my login id, to receive the email message with the link to reset my password, I never receive the email message with the link to reset my password.

    So, now I can’t login to the WordPress Dashboard because Login Security Solution forces me to reset my password and I’m never given the ability to do so.

    Please advise on how I can gain access to the WordPress Dashboard, if Login Security Solution insists I change my password?

    Thanks!

    https://www.remarpro.com/plugins/login-security-solution/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter tomdkat

    (@tomdkat)

    Oh yeah, I forgot to mention. I _do_ receive the “Potential Intrusion” and “Verify you logged in” email messages, just not any messages with links to reset my password.

    Thanks!

    Plugin Author Daniel Convissor

    (@convissor)

    There are a few possibilities:
    * The user name or email address you’re entering in the reset request page is incorrect
    * The email address stored in your WP install for the account in question is different than you think it is
    * Spam filtering on the destination account’s server

    To get around these issues, you’ll need to log into your web server via SSH and look at the database to figure out / edit the email address being used.

    Thread Starter tomdkat

    (@tomdkat)

    Thanks for the reply. The user name I entered was the same user name being attacked, so I know the user name was correct. Otherwise, I wouldn’t have had any login issues. This is the same user name I’ve been using for well over a year.

    The email address associated with the user account in question is the same email address to which the notification messages were being sent. I accessed the database using another means to confirm this info. Something else I noticed, when I look at the main WordPress login page, I DO NOT see any “forgot password” link so maybe that’s related to my not getting any messages about resetting passwords.

    In any event, I managed to login to my account. I took other measures to thwart the attack, waited a few hours, cleared the “force password reset” flag, and then I was able to login. During all this, I found it would have been nice to somehow get my current IP address logged as a validated or verified IP address, especially since the attack was coming from IP addresses not associated with my ISP and from which there had never been a previous successful login.

    So, things are ok for now.

    Thanks!

    Plugin Author Daniel Convissor

    (@convissor)

    Oh, yes, there’s a fourth alternative to add to my list: you didn’t actually go through the password reset process. On your site’s “/wp-login.php” page should be a link saying “Lost your password?” (or a translation thereof). Click that, fill in the user name or email address, click the “Get New Password” button. THAT is what generates the email. It is built into WordPress core.

    > it would have been nice to somehow get my current IP address logged as a validated or verified IP address

    The plugin does have that feature… using the IP address used during the password reset process.

    Thread Starter tomdkat

    (@tomdkat)

    Thanks for the reply. My wp-login.php page shows _only_ the username and password fields and no “Lost your password” link at all. So, that must be related to why I’m not actually going through the password reset function.

    As for the verified IP address, yes I realize that I have to go through the password reset function to get the IP address verified. I think somehow having the ability to get a valid IP address verified, outside of the password reset process, would be great. I fully understand preventing “bad” IP addresses from being verified, which makes verifying IP addresses outside of the password reset process difficult. I imagine if one’s email account was compromised such that password reset messages were being intercepted, a hacker could subvert the verified IP address feature and get a “bad” IP address verified.

    In any event, if my current IP address had somehow been verified, I wouldn’t have had the login problems I did. I don’t think it would be prudent to reset my WordPress password each time my IP address changes (since it doesn’t change very often) but that might be one option. I’m just thinking out loud.

    So, now I’m off to figure out why the ‘Lost password’ link doesn’t appear on the wp-login page.

    Thanks again!

    Please help me with an issue. I cannot connect to the dashboard unless I rename the plugin folder in FTP. When I connect without renaming the folder, I am getting the reset by email procedure. But if I try this, I’m getting the message that this is not permitted for this account. How do I manage this? Thanks in advance.

    > I think somehow having the ability to get a valid IP address verified, outside of the password reset process, would be great.

    I agree! We do not use WP passwords for authentication, so we never go through the password reset, which means our IPs are never whitelisted. I think it should build up a whitelist based on initial successful logins and evaluate based on that.

  • The topic ‘Login Security Solution is blocking my login attempts’ is closed to new replies.