Some registered users get blocked

  • Resolved skylar180

    (@skylar180)


    6 years, 1 month ago

    I have wordfence and also the plugin stopspammers because I used to get so many spammers registering. In case you aren’t familiar,StopSpammers is supposed to stop spammer registration by comparing emails and ipaddresses to lists on stopforumspam, projecthoneypot and botscout. So it seems that the registered new users are legit. I also have a confirmation email that requires them to get an email and set a password. It seems that they all can do this but then a few of them get locked out when they try to log in. It happens too many times to be a user error. It’s like certain people are just always blocked. My site doesn’t get too much traffic, maybe 300-600/day. So I checked live traffic and the ip addresses for the blocked users sometimes show human and sometimes bot.

    I can’t figure out why they’re blocked though. It’s a problem because I don’t want to send newsletters to spammers inviting them to my site, but at the same time I don’t want to annoy a sincere reader who wants to log in and post. How can I know the difference?

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi @skylar180,

    Can you post a screenshot of your live traffic and what types of users are getting blocked?

    Take a look at Wordfence -> All Options -> Rate Limiting, maybe try changing some settings there so users aren’t getting blocked as often.

    Dave

    Thread Starter skylar180

    (@skylar180)

    Hi Dave, the last blocked user is no longer saved in the live traffic because it was yesterday and the day before. but I have a screen shot of the failed and successful login attempts in the firewall dashboard. I’ve obfuscated ip addresses and email (to protect the innocent and the guilty) but it still shows the pattern. Notice that Jamr failed twice at 10:23 but was successful at 10:45. But Christina failed 4 times on 2 days, despite trying different names and different IP addresses.

    Also, I keep getting people trying to login with “this_is_an_invalid_email”. What’s that about? Do people seriously think that’s going to be a username? Or is that an indication of some kind of ridiculous malware attempting a go-around?

    Hmm… I just realized that I don’t know how to post a screen shot here. Can you direct me to the link?

    Thread Starter skylar180

    (@skylar180)

    Failed logins

    Successful logins

    okay, I think I figured out how to post the screen shot.

    Thread Starter skylar180

    (@skylar180)

    Here is the last notification I’ve received in my email:
    A user with IP addr 107.xx.xxx.x has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 3. The last username they tried to sign in with was: ‘[email protected]’.
    The duration of the lockout is 4 hours.
    User IP: 107..xxx.xxx.x
    User hostname: mobile-107-xx-xxx-x.mobile.att.net
    User location: United States

    wfdave

    (@wfdave)

    I would recommend setting the maximum number of login failures to 20.

    Go to Wordfence -> All Options -> Brute Force Protection (scroll down)

    Set Lock out after how many login failures to 20

    wfdave

    (@wfdave)

    Hi again ??

    We haven’t heard back from you in a while. I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Some registered users get blocked’ is closed to new replies.