We have a new client who must have used this plugin in the past. Their site was extremely slow on a page load and we found 2,411 entries in the wp_options table consisting of autoloading transients such as …
_site_transient_brute_loginable_bacc42e348edb9f61cff8a1180d6c5ca (0.39Kb) Autoloaded
_site_transient_brute_loginable_fa385c494d7499dc92db2838dc75f760 (0.39Kb) Autoloaded
_site_transient_brute_loginable_211f28fd403801d5c0681c453cd59e2a (0.39Kb) Autoloaded
_site_transient_brute_loginable_94b9b3b9189a1396d750039bc19d4d62 (0.14Kb) Autoloaded
_site_transient_brute_loginable_23c6ba2f32376f45db75eda8f20c1125 (0.39Kb) Autoloaded This data is using 0.5Mb and because the transients were not set to expire they are set to autoload which means that they are all loaded on every page load.
Since WordPress v6.1 the “Dashboard – Tools – Site Health” check has started recommending that your site should be using a “Persistent Object Cache”?if they are loading more than 100Kb of autoloaded options / transients.
If you’ve ever used this plugin you might want to check your wp_options table in your database to see if you have a plethora of transients like this that need to be removed.
The all start with _site_transient_brute_loginable_ so are easy to find.
Oliver
]]>I’m getting this error:
Warning: Illegal offset type in isset or empty in /home/xxxx/public_html/wp-content/plugins/bruteprotect/bruteprotect.php on line 168
any ideas?
For those using BruteProtect but not using JetPack, have you disabled BruteProtect? Is there any advantage/disadvantage to leaving it enabled even though I don’t think it’s working anymore?
Thanks!
]]>Hi!
I am unable to login to both of my WordPress sites that use this plugin. I’m directed to this page on one of the sites – https://bruteprotect.com/faqs/error-bp100/ – which seems silly because if I can’t login then I can’t add the code. I don’t have access to the ftp or cpanel for these sites. Please advise.
]]>Hi
I had an update message today and many strange thing is happening on my website. If you do not support why did I have update message from BruteProtect?
I installed the plugin, but when I click to generate an API key, it says “There was an error generating your API key. Please try again later. Sorry!” and nothing else.
I’ve “tried again later”, but to no avail.
Help?
]]>Hi,
For the last few days, I cannot get stats anymore.
Instead I get {“status”:”ok”,”msg”:”API Key Required”,”seconds_remaining”:60,”error”:”API Key Required”}
Today, I could not require a new api key: “here was an error generating your API key. Please try again later. Sorry!”
It seems to affect all my sites using BruteProtect.
Tnx
Michael
]]>Hi! For the past few days, BruteProtect stats haven’t been available in the dashboards of a few WordPress installations I maintain.
I’ve found these threads:
https://www.ads-software.com/support/topic/brute-protect-stats-not-showing?replies=5
https://www.ads-software.com/support/topic/stats-unavailable?replies=2
but they are both a year old. Is this an issue on your end?
Thanks!
Peace…
Tom
]]>Attempting login at submind.org, recently updated to 4.3 give me this error:
]]>Error BP100: This site is not properly configured. Please ask this site’s web developer to review for information on how to resolve this issue.
Fatal error: Call to undefined method BruteProtect::get_transient() in /home/crecuqau/public_html/sacredintuitiveelements.com/wp-content/plugins/bruteprotect/bruteprotect.php on line 192
I opened Filezilla and deleted the bruteprotect plugin and now have access to admin panel.
https://www.ads-software.com/plugins/bruteprotect/
I can’t access settings panel with v2.4.1 wp 4.2.4, It shows only an empty page and I have to delete plugin from ftp
]]>Hi! I *just* upgraded to BruteProtect 2.4.1 and I’m getting this error:
Fatal error: Call to undefined method BruteProtect::get_transient() in /path/to//wp-content/plugins/bruteprotect/bruteprotect.php on line 192
This happens when I try to access the Dashboard after the upgrade.
Help!!!!
Thanks!
Peace…
]]>Hello,
Now that Bruteprotect has been acquired by Jetpack unfortunately I’ll have to stop using it.
I’ve seen the ‘performance myth’ post about Jetpack but after installing it and trying it solely with the BruteProtect module enabled, I’ve seen a increase in load time compared to the pre-jetpack version.
My business is very load time conscious, with over 10k unit hits a day I need something lightweight but efficient as BruteProtect was. Plugins like Limit Login Attempts are a bit too simple in comparison and have no ‘crowd protection’ feature.
So is there anything lightweight and as effective as BruteProtect is? I’m willing to pay if it’s a premium plugin.
Thank you,
Warmly,
Matthew
]]>Hello,
Will you be updating this plugin to be compatible with WordPress 4.2.2?
]]>I understand BruteProtect has been acquired by Jetpack, and is now reincarnated as the “Protect” feature within Jetpack.
I installed Jetpack today for the sole purpose of continuing to use BruteProtect, which has been an outstanding plugin. Upon installing Jetpack (which installs 27 other functions…which I don’t necessarily want), I immediately began encountering problems.
Upon clicking the Debug button within the Jetpack admin panel, the error message indicated that Jetpack could not communicate with my website. After a few tech support emails, it appears Jetpack MUST have access to the XML-RPC file at the root of your domain in order for Jetpack to work (not sure if that means all of Jetpack, or just some parts of Jetpack).
I had no plugins blocking Jetpack from access to the XMLRPC file, so I contacted my hosting provider…which it turns out is blocking all public access to XMLRPC by default on all WordPress installations because such access is a known vector for hacker attacks.
I do not know yet if Jetpack’s “Protect” feature (aka BruteProtect) will continue to function properly without having access to the XMLRPC, but for sure certain features within Jetpack will NOT work properly without it.
If Jetpack’s “Protect” feature will not function without opening a new door for hacker opportunities, then this will be a quite unfortunate development for BruteProtect.
Does anyone know if “Protect” will still function properly even if the Jetpack system does not have public access to XMLRPC? I have not gotten a clear answer on that from Jetpack, yet.
]]>We are using this plugin to restrict access to an internal resource site. Some of our users access the internet through a proxy server. That proxy passes an X-Forwarded-For header with both the private (10.*) IP address and the public IP of our network, comma-delimited.
The public IP address has been white-listed and works just fine for our users that are not accessing through that proxy server. All users going through the proxy server receive a 403 response.
How can I get these users to be able to access our site?
]]>In August 2014 BruteProtect was acquired by Automattic (makers of WordPress.com, Akismet, Jetpack, and more) with the goal of integrating BruteProtect’s functionality into the Jetpack plugin. Jetpack gives users the ability to update plugins, in bulk or automatically, via a WordPress.com connection. This feature, along with Jetpack’s existing “Monitor” functionality (which provides downtime alerts), duplicates many of the features once offered by My BruteProtect.
As of March 2015, Jetpack also includes botnet protection. Therefore, we are no longer making any additions or improvements to the BruteProtect plugin. Protection against botnet attacks will not be interrupted, BruteProtect will continue to protect your site for free until the end of 2015. If you are having trouble with BruteProtect, please install Jetpack, ensure that the Protect module is activated, and remove BruteProtect.
]]>I get errors when I install the plugin on new sites because your SSL cert has expired. ERR_INSECURE_RESPONSE says this:
This server could not prove that it is my.bruteprotect.com; its security certificate expired 9 day(s) ago.
]]>Does BruteProtect only block bots that try to get through the login screen or all bot attacks eg if they were trying to hit my xml.php file, it would block that plus notify you of the bad IP.
Does it block the IP from ever trying to hit the site like a firewall. I use login lockout and I found that it works great for locking the IP out but it still allows the attempt which uses significant resources.
Is there any logging mechanism that I can view?
Thanks
Bryan
Hi
I cannot request an API key. When I click on “Obtain a key for free” the configuration page opens up with a blank API key field.
I have sent a debug report, the site is https://www.listeaktiv.at
Thanks for you help
]]>I seem to be locked out of my admin account. I get the message that there have been too many login attempts from this ip (or something like that).
I don’t think it was an actual brute force attack on my site. I think I just wasn’t paying enough attention when putting in the password.
How much time do I need to give it before attempting to log in again?
Thanks in advance.
]]>How can I always have the math captcha to appear?
Leo
]]>Hi!
I can’t see anything when clicking to Configure the Protect module of JetPack.
I only get a message saying that an API key for JepPack Protect is required, but when clicking on the button to get one always received the following error message:
-10520, Jetpack: [missing_token]
Jetpack is connected and all other Jetpack modules are working fine (including the ones requiring a connection to WP.com like Stats).
]]>4/28/15
I have had a brute force attack going on one of my sites since 7:04 pm 4/27/15 with bruteprotect installed and active. It has not stopped this hacker 81.21.192.0 – 81.21.192.255 at 81.21.192.224. First time this has happened. Usually BruteProtect shovels them off to the server farm and I don’t see them again.
Hello,
I just migrated my website to a new domain.
The BruteProtect widget on WordPress dashboard sill displays the previous website link.
I explain: before my domain name was for example: “previousdomainname.com”
Instead of displaying “… Malicious attempts to access newdomainname.com”, it shows: “… Malicious attempts to access previousdomainname.com”.
However, in the BruteProtect settings, the API key link is the right one.
Is my website protected anyway?
]]>Hello,
I didn’t receive an API key, I tried a few times, but I didn’t get the screen where you can fill in your e-mailadres where the API key has to be send to.
Could you help me out?
Jeltje
]]>Hi
Brute Force has blocked IP address of one of my user and I am not able to unblock his IP address. Not able to see dashboard of “Brute Force”.
There is an option at the bottom “BruteProtect dashboard widget should be visible to…” Admin or those who user dashborad, after this also not able see the dashboard of brute Force.
Any help is appreciated.
Thanks
Syed
Hello,
After moving a production server back to my localhost I get AGAIN the localhost getting blocked message…
Your IP (127.0.0.1) has been flagged for potential security violations. Please try again in a little while…
A support ticket here indicates it’s been fixed but it doesn’t seem to be the case at all.
What is the workaround please ?
Cheers,
]]>Hello,
Using WP 4.1.1 and BruteProtect 4.2, the plugin generates a lot of transients in the wp_options.
Running the following SQL query showed in my case 2621 transients:
SELECToption_nameFROMwp_optionsWHEREoption_nameLIKE ('%\_brute\_%')
I’m aware that earlier this was also mentioned, but that issue was resolved by BruteProtect removing expired transients daily.
That does not seem to work in my case, however, since the transients are growing steadily. (Unless, perhaps, BruteProtect makes more new transients on a daily basis then it removes?).
Anyway, these transients clutter my WP database so I’d like to have them removed on a consistent basis to keep the performance optimal.
]]>Hi! This morning when I login to WordPress, I see this message where the BruteProtect dashboard widget normally appears:
The requested URL /ui/dashboard/widget/{random string} was not found on this server.
I did a Google search and found this:
Is there another API server issue at work or could this be something else?
Thanks!
]]>