Svenpeter

Hi,
Thanks for fast reply and your help. I am aware of the wp-config, htacess and user.ini file, and have changes to them before, but this proposal became a little too advanced for me, I am not really sure what to check for.
But, how I believe WP Staging works is that it makes an identical copy of the site on a subdomain name to our live site. Then, it is possible to update the plugins one by one on that “test-site”, to look for any issues. I can not say what refers to what when the plugins are updated, but I would expect that most (but perhaps not exactly every file) is replaced/updated.
I think I will actually make a copy of the site again, and then try to update on the live site directly to see if there are some errors there as well (hope not), and then your suggestion would make sense (i.e. the All in one Security Plugin can not be tested with WP Staging), which in a way is a little sad, as it would be just excellent if we could test your plugin as well in they environment. I am pretty sure quite many users of the WP Staging would feel the same.
Do you think it is a good idea testing to update on the live site? If so, then this is what I will do next I think.
Many thanks in advance. Peter

Hi,
Yes, all you propose above is now made. We had the 404 detection set on “on”. Have now deleted all 404 in the _events table. Added the most common IPs to the block list. And set the 30 day limit for logging. So now should be better in the future. I will keep looking a while in the table to see what comes in the close future.
Many thanks for helping out.
best regards, Peter

Hi,
I made an export from the database to pdf. See attached file. Hope that makes sense. Am sending it in wetransfer link instead, see this: https://we.tl/t-sUzkaIgMjn

Is this normal? Feels like A LOT of information here, to what use? Is there a way to set the clearing of this (if it is not needed) more often? How much statistic in this table should be normal (if good to have)?

Many thanks in advance for your help.

Best regards, Peter

Hi again,
Went to google for more advice. Then your own FAQ was the first result (searching for WordPress login 127.0.0.1), the advice was to go into the admin panel and check the Permanent block list. Funny enough, here I found my IP adress (from whatsmyip in Safari), clicked unblock, and then tested. Now it works again going in via Safari. So some times the more easier steps is the one to try first (I think we went too fast into the database tables, that now was all cleared out in these two tables). I hope WP Security will find the new attempts and put them in the tables again if they try.
So, issue is now solved. Thanks for your help.

Just one more questions, now that I am in the tables in the database, I see we have 14144 aiowps_events – does this not seem a lot? What are these for, should I remove them perhaps?

Many thanks, Peter

Hi again, looking at the other aiowps tables, there is 14551 rows in the aiowps_events – is this normal and necessary? Perhaps has nothing to do with the issue above – but what is this doing – should I remove some of these perhaps (just for cleanup).
Many thanks. Peter

Hi,
Sorry for late reply, its been to much other things to do (I can use incognito browser to log in to manage the site).
I did now remove all IPs in these tables:

– Aiowps_login_lockdown (approximation 308)
– Aiowps_permanent_lockdown (approx 15)

Then, in my safari browser, I cleaned cache and tried to log in, but still come to 127.0.0.1 (message Safari could not open the page as it could not connect to the server). Still, on the incognito browser I can log in. So no change from removing all the IPs in the tables above.

Please help me to get to the bottom of this!
Many thanks. Peter

Hi,
OK, my IP (using standard Safari checking at whatsismyipaddress.com) is 81.XXX.XXX.XX. It is not to be found (as said before) in any of these two tables.
Should I remove all IPs in these two tables?
Best regards, Peter

Hi again,

Now checked using incognito/private Safari, and as expected I can not get into the site.

Would it be a good way for me to delete every IP in the database in the two tables?
– Aiowps_login_lockdown (approximation 308)
– Aiowps_permanent_lockdown (approx 15)

Many thanks. Peter

Hi,

Just for the record, please see the very very first post in this support thread, where I say to you: The only way to get into our WordPress site is to use Thor incognito browser.

I will test incognito Safari to see if I can get in (if using the same blocked IP, I would expect not then, if this issue is due to a blocked IP….).

Will get back to you in short when tested.

Many thanks. Peter

Hi,
First of all, we need to keep in mind that I am ONLY able to visit and log in to the site, using an incognito browser, in my case Thor browser. So when checking IPs inside the WP Security settings page, of course I am visiting the web page with the Thor browser. Most likely this “messes up” the IPs, trying to be incognito (perhaps that is why it is not blocked….).
So, It is really hard for me to do this kind of comparison.
The really only way for me to see the current IP is to use the normal Safari browser, which we normally use and see going here: https://whatismyipaddress.com/
So, from this information, how would you like me to proceed?

Secondly, I have now lost you on your last reply, this part “here your IP detected is 109.XXX.XXX.XXX is not the correct Choose a $_SERVER variable correct to detect visitors’ IP.” – I do not understand this at all. Please explain more simply what you want me to do (if anything).

The current IP we have, from https://whatismyipaddress.com/, using Safari normal browser is 81.XXX.XXX.XX. I show you in this link bellow what the settings panel (using Thor browser) is showing right now (different of course).

Last part “Also please cross check this IP 109.XXX.XXX.XXX is not in login lockout table with 404 lockout.” – well the 109.xxx.xxx.xxx was now collected from inside the Thor incognito browser when visiting the WordPress page, and I do not know if this is relevant to search for?

And what shows inside the WP Security settings advance seem to change (perhaps the only way I can get there is via Thor), so right now it shows as this link: https://we.tl/t-aJ54Ikpa1C (it is different IP today from yesterday).

And, I do not know where to search the 404 lockdown. I have now checked the database in these tables, can not find any of these IPs:
– Aiowps_login_lockdown
– Aiowps_permanent_lockdown

In both these tables, there is not the Safari IP number 81.XXX.XXX.XX or the one I see in WordPress WP Security the 109.xx.xxx.xx (as it is today in Thor) or 109.XXX.XXX.XXX (as it was yesterday in Thor).

Please advice from here. And explain very well/clear, so I know what to do. Many thanks. Peter

Hi,
Well, that I did not know. Went here to check, and it does not show the same IP as https://whatismyipaddress.com/

I will show you a screen show of the settings here, using Wetransfer link here: https://we.tl/t-E1wJRr5lvR

Many thanks in advance. Peter

Hi,
Now checked, my current IP is not in here.
For checking my IP I use this service, hope this is showing the correct information: https://whatismyipaddress.com
Many thanks in advance. Peter

Hi,
Yes, in the ip_permanent_block there were only these 10 IPs.
Well, I now also checked the login_lockdown – here are 308 of IPs over three years time, I think it is hard for me to change all of these just to test, this would take ages…….
I start with checking if my IP is here. Will get back to you.
Many thanks for now. Peter

Hi,
OK, I think I understand. I have now changed like this:

185.36.102.114 -> 285.36.102.114

104.254.90.195 -> 114.254.90.195

109.230.203.121 -> 209.230.203.121

130.185.152.132 -> 140.185.152.132

139.28.218.235 -> 159.28.218.235

38.154.133.41 -> 138.154.133.41

45.129.56.151 -> 145.129.56.151

18.163.115.187 -> 118.163.115.187

83.85.247.106 -> 183.85.247.106

50.114.84.225 ->?150.114.84.225

I checked the dates for when these spam permanent block IPs were made, and the first one above is from 2017, and all the rest is from February, march and April this year (not may, when I got the issue, just the recent couple of days, when this thread started).

Then cleared cache and tried loggin in, it does not work.

Please advice on how to progress from here.

Many thanks. Peter

Hi,
I am sorry, I do not undertand the first part in your answer, please explain a little more what to do.

The second part is no issue now, I got help from the web hotel to solve this. So does not effect this, and is no longer an issue.

Many thanks for getting back to me.

Best regards, Peter