Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Paul

    (@paultgoodchild)

    I can’t think what would be wrong with the plugin… it might be you have some sort of automated attack on your site that is triggering your login cooldown and preventing you (or anyone else) from logging in.

    Is that possible? Can you check your server logs?
    Thanks,
    Paul.

    Thread Starter AirFlame

    (@airflame)

    Hey Paul G. I have an .htaccess that bans all IPs and only allows Poland IPs to log in. When I enter admin without the plugin installed, by changing the name of the folder, and then change it back to how it was before, it’s working and I don’t see any attacks in the logs.

    When I turn off login protection I can log in, but when it’s turned off it’s making cooldowns.

    Edit:
    OK, I know what is causing the problem:
    plugin “Stop Spammers Spam Control”

    But it’s strange: I have it installed on other sites with SFW and it’s working OK. On those 2x sites I installed SFW first and then installed the “Stop Spammers Spam Control” plugin; maybe this is the problem.

    Plugin Author Paul

    (@paultgoodchild)

    Hi,

    Can I ask what the Stop Spammers plugin offers in terms of comment spam protection over the simple firewall? Have you tried the comments filter feature on our plugin for this purpose?

    I’ll take a quick look at the plugin source code to try and work out what’s going on, but I think you’re simply better not running more than 1 security plugin…

    Thanks,
    Paul.

    Thread Starter AirFlame

    (@airflame)

    Well, “Stop Spammers Spam Control” shows in the logs when someone is trying to log in to WordPress, like admin/admin, /admin/theadmin etc.; that is not shown in your plugin. And it detects other exploits, same as yours, but it seems some exploits are not visible in the logs in your plugin.

    Plugin Author Paul

    (@paultgoodchild)

    The audit trail should really show these things… what exactly is missing from the audit trail that you’d like to see more of?

    Can you tell me the other exploits that are considered by that plugin that I’ve missed on ours? The more info you pass along to me the better… it’s really only with the help from the users I can add enhancements.

    Thanks!
    Paul.

    Thread Starter AirFlame

    (@airflame)

    Hey again. Well, first of all I can see:

    Everyone that calls the file /wp-admin/admin-ajax.php; I can ban IPs that spam my admin-ajax.php.

    Second, I can see all logins and passwords that were brute-forced. Like admin: yesterday I banned 10 proxy IPs that were trying to find the password for the admin username, even though there was no user named admin in the database. They are causing WordPress to slow down. Even for logins that were made by bots, I can see the email they used, the IP and the message they wanted to spam.

    Third, you can set:
    Spam Words List
    Bad User Agents List

    And finally, one option I always miss in SSF is clearing the logs with a button. It’s easy to ban people and clear the log, and you know new logs are new people that want to spam/attack you, and you don’t have to check the date or time.

    Plugin Author Paul

    (@paultgoodchild)

    Great, thanks for this run down.

    1)
    I won’t be adding the ability to block IP addresses within the Security Firewall on any scale. My reasoning is outlined in this article:
    https://www.icontrolwp.com/2014/06/beware-new-security-theat-wordpress-misinformation-virus/

    2)
    My view on brute force login attempts is that if I know the plugin is blocking them effectively, I don’t need to know what username(s) they’re using to try it. It’s noise, and there are so many other more important tasks I have to do in my WordPress/work efforts.

    3)
    Regarding SPAM words list – I believe that people that dedicate their time to handling SPAM word lists are far more qualified than me to do so. That’s why I integrated this list into the plugin:
    https://github.com/splorp/wordpress-comment-blacklist

    This will also scan user agents and IPs etc. This is far more comprehensive than any list that I or most other people could create – and the WPSF plugin automatically keeps it up-to-date.

    4)
    You are correct about an audit-trail clear button. I’ll look to adding this.

    Thanks!
    Paul.

    Thread Starter AirFlame

    (@airflame)

    Maybe you are right, but about forcing in point 2 I disagree. If I log in from 100 proxies every 1 min it will make a massive overload on my server. I have a little slow server because I don’t have so many people there. And if someone is brute-forcing me with a bunch of dummy IPs, it doesn’t matter if the firewall is blocking them for 60 sec if they try to log in 2x times with the same IP. It generates traffic and database use and CPU use. In the other plugin I see what is going on and who is slowing my server down with the dump login tries; I can ban an IP range and that’s it.

    And I am not saying your plugin is worse than the other, or better. I use them on one site and there was no problem before; now, when I installed your plugin first and then the other one, this problem showed up for me for the first time.

    Plugin Author Paul

    (@paultgoodchild)

    No problem at all.

    Thanks for sharing your thoughts on this!
    Paul.

  • The topic ‘2x sites down cant log in when plugin running’ is closed to new replies.