Problem with the login lock

Hi @hari2014

I just cross checked with AIOS 5.2.5 admin set “Instantly lockout specific usernames” so after first attempt on second attempt it Blocks the IP and it works fine.

Can you cross check audit log do it have failed login for admin user logged 4 times ? Is the IP is same ? cam you send me that details and if possible stack trace if all 4 falied login attempts IPs are same.

https://snipboard.io/M26UD9.jpg

Regards

Yes, the IP is the same.
Stack-Trace :

array(21) { [0]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(12) “record_event” [“class”]=> string(33) “AIOWPSecurity_Audit_Event_Handler” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [1]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(348) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [2]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(517) [“function”]=> string(9) “do_action” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [3]=> array(4) { [“file”]=> string(129) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-audit-events.php” [“line”]=> int(498) [“function”]=> string(9) “do_action” [“args”]=> array(1) { [0]=> string(0) “” } } [4]=> array(6) { [“file”]=> string(127) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-user-login.php” [“line”]=> int(201) [“function”]=> string(18) “event_failed_login” [“class”]=> string(26) “AIOWPSecurity_Audit_Events” [“type”]=> string(2) “::” [“args”]=> array(1) { [0]=> string(0) “” } } [5]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(17) “post_authenticate” [“class”]=> string(24) “AIOWPSecurity_User_Login” [“type”]=> string(2) “->” [“args”]=> array(0) { } } [6]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(205) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [7]=> array(4) { [“file”]=> string(63) “/var/www/clients/client147/web323/web/wp-includes/pluggable.php” [“line”]=> int(618) [“function”]=> string(13) “apply_filters” [“args”]=> array(1) { [0]=> string(0) “” } } [8]=> array(4) { [“file”]=> string(58) “/var/www/clients/client147/web323/web/wp-includes/user.php” [“line”]=> int(106) [“function”]=> string(15) “wp_authenticate” [“args”]=> array(0) { } } [9]=> array(4) { [“file”]=> string(144) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security-rename-login-feature.php” [“line”]=> int(1175) [“function”]=> string(9) “wp_signon” [“args”]=> array(1) { [0]=> string(0) “” } } [10]=> array(4) { [“file”]=> string(143) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-process-renamed-login-page.php” [“line”]=> int(208) [“args”]=> array(1) { [0]=> string(144) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security-rename-login-feature.php” } [“function”]=> string(12) “require_once” } [11]=> array(6) { [“file”]=> string(132) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-wp-loaded-tasks.php” [“line”]=> int(21) [“function”]=> string(24) “renamed_login_init_tasks” [“class”]=> string(40) “AIOWPSecurity_Process_Renamed_Login_Page” [“type”]=> string(2) “::” [“args”]=> array(1) { [0]=> string(0) “” } } [12]=> array(6) { [“file”]=> string(113) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php” [“line”]=> int(478) [“function”]=> string(11) “__construct” [“class”]=> string(29) “AIOWPSecurity_WP_Loaded_Tasks” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [13]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(24) “aiowps_wp_loaded_handler” [“class”]=> string(15) “AIO_WP_Security” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [14]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(348) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [15]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(517) [“function”]=> string(9) “do_action” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [16]=> array(4) { [“file”]=> string(53) “/var/www/clients/client147/web323/web/wp-settings.php” [“line”]=> int(665) [“function”]=> string(9) “do_action” [“args”]=> array(1) { [0]=> string(0) “” } } [17]=> array(4) { [“file”]=> string(51) “/var/www/clients/client147/web323/web/wp-config.php” [“line”]=> int(122) [“args”]=> array(1) { [0]=> string(53) “/var/www/clients/client147/web323/web/wp-settings.php” } [“function”]=> string(12) “require_once” } [18]=> array(4) { [“file”]=> string(49) “/var/www/clients/client147/web323/web/wp-load.php” [“line”]=> int(50) [“args”]=> array(1) { [0]=> string(51) “/var/www/clients/client147/web323/web/wp-config.php” } [“function”]=> string(12) “require_once” } [19]=> array(4) { [“file”]=> string(56) “/var/www/clients/client147/web323/web/wp-blog-header.php” [“line”]=> int(13) [“args”]=> array(1) { [0]=> string(49) “/var/www/clients/client147/web323/web/wp-load.php” } [“function”]=> string(12) “require_once” } [20]=> array(4) { [“file”]=> string(47) “/var/www/clients/client147/web323/web/index.php” [“line”]=> int(17) [“args”]=> array(1) { [0]=> string(56) “/var/www/clients/client147/web323/web/wp-blog-header.php” } [“function”]=> string(7) “require” } }

So far I have used the wifi. When I try to log in with my mobile phone WITHOUT WLAN I get this picture
HANDY

THANK YOU SO MUCH !!!

Hi @hari2014,

Ok, It seems the login page ( renamed ) is used not xml rpc call.

We will try cross check, but it is not the general case.

Regards

Hi @hari2014

If I cross check the again the login lockout working for admin user set as “Instantly lockout specific usernames” and try login on second login it redirects to 127.0.0.1

The Login List you attached is not AIOS list from where you see this list ? do hou have any other login related pluign there?

If you have any cache plugin try disable it and cross check.

If I cross check here https://haruby.de/login shows 403 forbidden error,

https://snipboard.io/x8QlOD.jpg

Do you have login whitelist enabled? It might be the reason it shows 403, If yes please define below contant in wp-config.php and try it will disable login whiltelisted IP so if your IP do not match with whitelisted though login page will load.

define( 'AIOS_DISABLE_LOGIN_WHITELIST', true ); 

Regards

So Sorry , i have a plugin named User Login History.
Had sent this protocol.

I did everything according to their instructions, unfortunately without success.
Here is the correct List from AUDIT PROTOKOLL (WP SECURITY)
I hope this Helps?!

array(18) { [0]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(12) “record_event” [“class”]=> string(33) “AIOWPSecurity_Audit_Event_Handler” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [1]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(348) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [2]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(517) [“function”]=> string(9) “do_action” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [3]=> array(4) { [“file”]=> string(129) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-audit-events.php” [“line”]=> int(546) [“function”]=> string(9) “do_action” [“args”]=> array(1) { [0]=> string(0) “” } } [4]=> array(6) { [“file”]=> string(127) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-user-login.php” [“line”]=> int(582) [“function”]=> string(22) “event_successful_login” [“class”]=> string(26) “AIOWPSecurity_Audit_Events” [“type”]=> string(2) “::” [“args”]=> array(1) { [0]=> string(0) “” } } [5]=> array(6) { [“file”]=> string(127) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-user-login.php” [“line”]=> int(618) [“function”]=> string(21) “update_login_activity” [“class”]=> string(24) “AIOWPSecurity_User_Login” [“type”]=> string(2) “::” [“args”]=> array(1) { [0]=> string(0) “” } } [6]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(23) “wp_login_action_handler” [“class”]=> string(24) “AIOWPSecurity_User_Login” [“type”]=> string(2) “::” [“args”]=> array(1) { [0]=> string(0) “” } } [7]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(348) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [8]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(517) [“function”]=> string(9) “do_action” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [9]=> array(4) { [“file”]=> string(92) “/var/www/clients/client147/web323/web/wp-content/plugins/autologin-links/autologin-links.php” [“line”]=> int(249) [“function”]=> string(9) “do_action” [“args”]=> array(1) { [0]=> string(0) “” } } [10]=> array(4) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(26) “pkg_autologin_authenticate” [“args”]=> array(1) { [0]=> string(0) “” } } [11]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(348) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [12]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(517) [“function”]=> string(9) “do_action” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [13]=> array(4) { [“file”]=> string(53) “/var/www/clients/client147/web323/web/wp-settings.php” [“line”]=> int(643) [“function”]=> string(9) “do_action” [“args”]=> array(1) { [0]=> string(0) “” } } [14]=> array(4) { [“file”]=> string(51) “/var/www/clients/client147/web323/web/wp-config.php” [“line”]=> int(123) [“args”]=> array(1) { [0]=> string(53) “/var/www/clients/client147/web323/web/wp-settings.php” } [“function”]=> string(12) “require_once” } [15]=> array(4) { [“file”]=> string(49) “/var/www/clients/client147/web323/web/wp-load.php” [“line”]=> int(50) [“args”]=> array(1) { [0]=> string(51) “/var/www/clients/client147/web323/web/wp-config.php” } [“function”]=> string(12) “require_once” } [16]=> array(4) { [“file”]=> string(56) “/var/www/clients/client147/web323/web/wp-blog-header.php” [“line”]=> int(13) [“args”]=> array(1) { [0]=> string(49) “/var/www/clients/client147/web323/web/wp-load.php” } [“function”]=> string(12) “require_once” } [17]=> array(4) { [“file”]=> string(47) “/var/www/clients/client147/web323/web/index.php” [“line”]=> int(17) [“args”]=> array(1) { [0]=> string(56) “/var/www/clients/client147/web323/web/wp-blog-header.php” } [“function”]=> string(7) “require” } }

No Cache Plugin enabled.
Thank you so much for this great Support !!!
Last Question :

Which switches have to be switched on or off and where in which menu for the login lock to work?

• This reply was modified 10 months, 1 week ago by hari2014.

Hi @hari2014

As per the audit log Auto login link called and is it the reason the login lockout seems do not work. Please cross check and try disable that plugin if it is an issue. Here audit log seems of successful login not failed login of amin so not sure.

wp-content/plugins/autologin-links/

Regards

Hello ,
Autologin Links deaktivated and deleted.
Test Login with Name admin . 4 Test , no Lock, but with the same IP.
Here the New Audit Protocol :

array(21) { [0]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(12) “record_event” [“class”]=> string(33) “AIOWPSecurity_Audit_Event_Handler” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [1]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(348) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [2]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(517) [“function”]=> string(9) “do_action” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [3]=> array(4) { [“file”]=> string(129) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-audit-events.php” [“line”]=> int(498) [“function”]=> string(9) “do_action” [“args”]=> array(1) { [0]=> string(0) “” } } [4]=> array(6) { [“file”]=> string(127) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-user-login.php” [“line”]=> int(201) [“function”]=> string(18) “event_failed_login” [“class”]=> string(26) “AIOWPSecurity_Audit_Events” [“type”]=> string(2) “::” [“args”]=> array(1) { [0]=> string(0) “” } } [5]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(17) “post_authenticate” [“class”]=> string(24) “AIOWPSecurity_User_Login” [“type”]=> string(2) “->” [“args”]=> array(0) { } } [6]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(205) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [7]=> array(4) { [“file”]=> string(63) “/var/www/clients/client147/web323/web/wp-includes/pluggable.php” [“line”]=> int(618) [“function”]=> string(13) “apply_filters” [“args”]=> array(1) { [0]=> string(0) “” } } [8]=> array(4) { [“file”]=> string(58) “/var/www/clients/client147/web323/web/wp-includes/user.php” [“line”]=> int(106) [“function”]=> string(15) “wp_authenticate” [“args”]=> array(0) { } } [9]=> array(4) { [“file”]=> string(144) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security-rename-login-feature.php” [“line”]=> int(1175) [“function”]=> string(9) “wp_signon” [“args”]=> array(1) { [0]=> string(0) “” } } [10]=> array(4) { [“file”]=> string(143) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-process-renamed-login-page.php” [“line”]=> int(208) [“args”]=> array(1) { [0]=> string(144) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security-rename-login-feature.php” } [“function”]=> string(12) “require_once” } [11]=> array(6) { [“file”]=> string(132) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-wp-loaded-tasks.php” [“line”]=> int(21) [“function”]=> string(24) “renamed_login_init_tasks” [“class”]=> string(40) “AIOWPSecurity_Process_Renamed_Login_Page” [“type”]=> string(2) “::” [“args”]=> array(1) { [0]=> string(0) “” } } [12]=> array(6) { [“file”]=> string(113) “/var/www/clients/client147/web323/web/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php” [“line”]=> int(478) [“function”]=> string(11) “__construct” [“class”]=> string(29) “AIOWPSecurity_WP_Loaded_Tasks” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [13]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(324) [“function”]=> string(24) “aiowps_wp_loaded_handler” [“class”]=> string(15) “AIO_WP_Security” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [14]=> array(6) { [“file”]=> string(67) “/var/www/clients/client147/web323/web/wp-includes/class-wp-hook.php” [“line”]=> int(348) [“function”]=> string(13) “apply_filters” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [15]=> array(6) { [“file”]=> string(60) “/var/www/clients/client147/web323/web/wp-includes/plugin.php” [“line”]=> int(517) [“function”]=> string(9) “do_action” [“class”]=> string(7) “WP_Hook” [“type”]=> string(2) “->” [“args”]=> array(1) { [0]=> string(0) “” } } [16]=> array(4) { [“file”]=> string(53) “/var/www/clients/client147/web323/web/wp-settings.php” [“line”]=> int(665) [“function”]=> string(9) “do_action” [“args”]=> array(1) { [0]=> string(0) “” } } [17]=> array(4) { [“file”]=> string(51) “/var/www/clients/client147/web323/web/wp-config.php” [“line”]=> int(123) [“args”]=> array(1) { [0]=> string(53) “/var/www/clients/client147/web323/web/wp-settings.php” } [“function”]=> string(12) “require_once” } [18]=> array(4) { [“file”]=> string(49) “/var/www/clients/client147/web323/web/wp-load.php” [“line”]=> int(50) [“args”]=> array(1) { [0]=> string(51) “/var/www/clients/client147/web323/web/wp-config.php” } [“function”]=> string(12) “require_once” } [19]=> array(4) { [“file”]=> string(56) “/var/www/clients/client147/web323/web/wp-blog-header.php” [“line”]=> int(13) [“args”]=> array(1) { [0]=> string(49) “/var/www/clients/client147/web323/web/wp-load.php” } [“function”]=> string(12) “require_once” } [20]=> array(4) { [“file”]=> string(47) “/var/www/clients/client147/web323/web/index.php” [“line”]=> int(17) [“args”]=> array(1) { [0]=> string(56) “/var/www/clients/client147/web323/web/wp-blog-header.php” } [“function”]=> string(7) “require” } }

Hope this Help you.
And one again so much Thanks for your great Support !!

• This reply was modified 10 months, 1 week ago by hari2014.

I have found the error. After I have changed the setting to :
Activate function for renaming the login page and the login page is https://webseite/wp-login.php again, the lock function worked. See picture

User Admin blocked

Allow unlock requests also worked. If I hadn’t switched it on, I would probably have locked myself out.

OK. Close thread. Solved.

Thanks for Support !

So your plugin is the best there is. Everything seems to work 100% now.
See video
Post on Haruby
Regards. Hari

• This reply was modified 10 months ago by hari2014.
• This reply was modified 10 months ago by hari2014.

Hi @hari2014,

Ok, glad to know everything seems works now. closing this thread

Regards