WP SecureOps BruteForce blocking admin logins
-
We recently installed WP Ops brute force on a site that now intermittently says the admin user is banned due to “multiple login failed attempts”. The thing is, this is happening to two admins logging on from different IP’s. Can you tell me if the plug-in doesn’t care about IP address but only the userid being attempted? If that’s the case, the plugin has a serious issue… you really should ban an IP based on a given IP address’s login attempts (leaving the actual legitimate user to be able to log in from their non-banned IP). I am pretty sure that the site is being attacked sporadically but I only see 50 records matching ‘_transient_wpso_bfp_%’ or ‘_transient_timeout_wpso_bfp_%’ in the wp_options table. NONE of these records match my IP address however at the moment so can you tell me if once the lock-out expires, the record is flushed from wp_options? Finally, IMHO (and this is a WP issue I suspect) the wp_options records really should have a time-stamp to tell you when some IP was banned – that would be very helpful. Thanks in advance for your response.
- The topic ‘WP SecureOps BruteForce blocking admin logins’ is closed to new replies.
