hoochie

Yes – disabled it per original post. Just thought I would check here to see if I may have done something incorrectly in setting it up. However, both users who have IPV6 were blocked from site ‘403 – Forbidden’ IPV4 users had no problems accessing admin.

2607:f2c0:e990:e:55ea:3c09:8fce:ce51

Thank you

Yes – I have 2 Editors who login from IPV6. Everyone else is IPV4 (no issues). However both IPV6 users get at 403 page error and are not able to access the wp-admin login page. Immediately goes to 403 Forbidden.

I disabled AIOWPS and they were able to login. When I re-enabled, AIOWPS asked to re-apply .htaccess changes > Yes. They were immediately bumped out.

So then went through each setting. IPV6 addresses where entered in the Brute Force – IP Login Whitelist but still got 403. When I turned BF – IP Login WL then they were able to get to wp-admin and login.

Yes I am familiar with this proceedure… LOL

Funny I can get to my login page in Incognito and Safari but not the regular Chrome browser.

Thanks Amagsumov!

Thank you Amagsumov … Might just be my Chrome browser is not clearing its cache.

H

I tested cleantalk with the stop_email…

Should I go to cleantalk dashboard and delete that test, or whitelist the IP address since it’s mine?

Thanks

Hi

Deleted folder and then tried to login >> got 404.

Then tried incognito and was able to get to the login page. So not sure what is happening.

Using Chrome: So dumped cookies and cache … still getting 404.

But from incognito seems to work.

Hi Amagsumov:

I don’t have that plugin file.

But have this one: cleantalk-spam-protect.

Should I delete that one?

Thanks Raul;

I’ve disabled those other minification plugins – unfortunately seems to not play nice with Revslider.

I tried adding the js exception (actually thought it was already there) but no go.

On my other site (no rev slider) this works well on my staging site – put doesn’t work on my production site (weird). So have to play around some more.

hmmmm – my DNS is set for various records… maybe I need to create this as well. Can you share the code you created for this re-direct? Minus the specific info, of course.

Did it look like something similar to this?

<?xml version=”1.0″ encoding=”utf-8″?>
<Autodiscover xmlns=”https://schemas.microsoft.com/exchange/autodiscover/responseschema/2006″>
  <Response xmlns=”https://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a”>
    <Account>
      <AccountType>email</AccountType>
      <Action>redirectUrl</Action>
      <RedirectUrl>https://autodiscover.yourdomainname.com/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
  </Response>
</Autodiscover>

Thanks

Thanks – I do have this set… and for 60 days.

Here’s what I did since there are only 2 people who need access to the backend of the site.

I have enable the following in the OPTIONS tab of WF:
– Immediately lock out invalid usernames
– Don’t let WordPress reveal valid users in login errors
– Prevent users registering ‘admin’ username if it doesn’t exist
– Prevent discovery of usernames through ‘/?author=N’ scans and the oEmbed API

– I have also set the lock out to 60 days.
Also MTN suggested a plugin to mask the login page (rename it). I use one called Hide-My-WP. This is a paid app that also masks that you have WP and WP theme.

Seems to be working for me …

Well he’s a good guy. I didn’t charge him for the work… he’s trying to grow his business and he knows more about landscaping than I, so I try to help him out.

Chose WP because it was fast for me to get him up and running. Initially he wanted to do DIY videos so people learn how to not get fed a bunch of bahhhoooowwwie… you know. Videos etc.

Fact is I’m kinda the same – DIY web… I use to use dreamweaver (I’m aging myself now) and built a few very basic early sites. WP appealed to me because I could spend more time satisfying my creative & content bug. I guess there is something to be said about ‘KISS’

I do like how WP makes it easy for the little guy to play like the big companies…shame that there are peeps that take advantage of small business guys like my friend…

But I can say this has opened my eyes… I turned on my live traffic feed in Wordfence on another site I do for a charity and it’s getting hit as well ….

Spoke with my hosting provider… ‘Oh we have a service for that… it’s $199/mo min 3 months’ …. boys easy now… that’s 15X what I’m paying you to host this problem … see ya I said.

MTN – I do enjoy this conversation – very enlightening…

well unfortunately… my little website is for a buddy of mine who has a landscaping company. Just a 1 page WP site …. just launched it (but used Wordfence right out of the gate).

I’m surprised the bots have found me faster than Google’s search engine – LOL!

Well I tried hiding the login page…. still getting email alerts… I did use a plugin called Hide My WP Login…. takes a bit more work but at using that plugin allows me to country block IP’s. Might give that one a go…

I can tell you that this bot (or whatever it is) is pretty dam fast switching from one country IP to another…. maybe time to ramp up my other wp sites I’ve done for my friends… and a charity I do work for…. don’t need a headache….but I fear one maybe coming on.

thanks mountainguy2 – I couldn’t believe the number of attempts and alerts I was getting. Pretty obvious if someone is trying to get in when you get that many emails… so it’s clear that they are not really concerned about their IP’s being discovered.

I have also used WP Hide Login on a site previously – needless to say I had to really keep an eye on that site and the plugin did it’s job.

I made some adjustments in the “option” section which has seemed to quite things down for a bit…. could be they’ve moved on to another site….. maybe I spoke to soon… just got another email.

Well thanks for reminding me of WP Hide Login…. might be time I fired that one up!