WordFence blocking my users’ IP and referring them to my hosting provider!

  • Resolved jeffmcml

    (@jeffmcml)


    6 years, 8 months ago

    Hi, I received complaints from my hosting provider (Happy Dog) that they are receiving support requests from my users about their IP being blocked. This is just not appropriate – I can unblock people if needed, from the Wordfence Firewall screen.

    I originally had the number of failures before lockout set to 3, increased it to 5, and now to 10. I really don’t believe my users are failing 10 login attempts, and they say that is not happening, but the problem continues. Regardless of the login failure count, I don’t want to burden hosting support with this problem. See an email from them below:

    “As you may know, our firewall blocks an IP if there have been 10 consecutive WordPress login failures from that IP. Over the past few days we have had a ton of support requests to unblock IPs from the siskiyouvelo.org account. This is beginning to become an issue with us as it appears your software may be causing this. A typical message from your users is that all they were trying to do was to change their password and none of them remember having 10 password failures. We are quite certain the issue is not on our end as our firewall blocks hundreds of illegitimate WordPress attempts every day without any false positives. Can you please look into this as soon as possible?”

    Thanks,
    Jeff

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter jeffmcml

    (@jeffmcml)

    Sorry, I was wrong about something above – the lockout is occuring on the hosting side due to 10 login failures. However, my Wordfence parameter was set to 3, then 5 login failures. I briefly set it to 10, now I just disabled the entire “brute force protection feature.

    How can this happen? I see no way to just disable the Wordfence login failure lockout, so do I have to disable the entire Wordfence “brute force protection” feature?

    Jeff

    Hi Jeff,
    Answering to your question, you can set “Lock out after how many login failures” to something like “500” trials for example, for sure that shouldn’t lockout any false positives, however there are two things to consider here, the first is to make sure users are getting blocked because of this feature, to do that please share a screenshot for the page users see after getting blocked as redirecting back to your hosting provider isn’t a Wordfence behavior. The second thing is to make sure that Wordfence can detect users’ IPs correctly, to do so please go to (Wordfence > Tools > Diagnostics) then check the “IPs section” to make sure your own IP is detected correctly there.

    Let me know how it goes,
    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WordFence blocking my users’ IP and referring them to my hosting provider!’ is closed to new replies.