Sam Hotchkiss

Hi Jeanae– this would have come as the result of failed logins from your IP. The block has probably cleared itself by now– can you try again? If you’re confident that you don’t have any malware on your computer, you can whitelist your own IP in the BruteProtect settings

Hi Rick– I’m working on setting up a cloudflare test site for us to work with– it’s going to take some time to propagate, so please stay tuned and I’ll update you early next week

Hi Rasolis, can I get an update on where everything stands at this point so that I can investigate further?

Please let me know a list of domains that are still reporting back as down, but are actually up, and I’ll get this checked out.

Thanks!
Sam

Whoops– updated, now with correct version numbers!

Hi Jay– thanks for your investigation into this– I don’t see any potential issues raised by your fix, so I’ve gone ahead and pushed it up as BP 2.3.3 (with props to you!)

Please let us know if you have any further issues!

Best,
Sam

It does need to be network activated, but you can set the stats to only show on the network admin.

You WILL see a slightly higher load with BruteProtect when it is first installed, as we cache information on IPs, but that should be reduced fairly quickly

We are releasing an update to BruteProtect today which will allow you to opt out of monitoring, which will resolve any issues with receiving too many emails.

Hi Caleb– we won’t be adding this as an option as we’re focusing our efforts on our integration into Jetpack. See: https://bruteprotect.com/bruteprotect-joins-automattic/

Thanks for your feedback!

Best,
Sam

Hey Paul– sorry for the delayed response on this– were you able to make any progress?

That’s a very strange error, as we explicitly are checking to make sure that it’s not a WP_Error in response.

Thanks, guys– we should be pushing version 2.3 within the next week or so, which will take care of these notices

Nope, BruteProtect does not modify your .htaccess file– there are some other tools that are able to do that.

Thanks!
Sam

Hey David– just so you know, we have built out a patch for this issue until WordPress core can be fixed. This patch will be included in the next version of BruteProtect

Hey David– yikes! I’m working on a patch for core, hopefully they can fix this in 4.0.1, but certainly for 4.1.

We’re also looking at a way to fix this manually in the interim.

Hey David,

When XML-RPC authenticates a user (see class-wp-xmlrpc-server.php:182) it calls the “wp_authenticate” function. If you refer to that function (see pluggable.php:521), you can see that the wp_login_failed hook is called.

When an xmlrpc login fails, it ALSO calls xmlrpc_login_error, but this is in addition to wp_login_failed

Am I missing something?

Best,
Sam

Hey JD– were the repeated attempts actually SUBMITTING the login form? What domain is this for? (you can submit it through our contact form on bruteprotect.com if you don’t want to share publicly)