All Lockouts

1. You may need to and you should frequently empty the log data. Goto menu > Security > View Logs > enable all the checkboxes > Remove Data. You may also need to Release Lockout.

2. Make your the IP is not being banned. Goto menu > Security > Ban Users > Ban Hosts > make sure the IP is not listed here > click Save Changes.

3. Perhaps you need to check your .htaccess file. View this thread for more detail:
https://www.ads-software.com/support/topic/how-to-clear-a-specific-blacklisted-ip

I have cleared the logs, and do every day now…but it does not clear the “All Lockouts” section. Only the Current Lockouts. I never seem to catch the Current Lockouts either.

I checked the .htaccess and did not find banned IPs … I did however, find banned users/IPs in the database.

Hello.

And yes, I’ve just checked and now sure there is one more thing you can do. That is

4. Clear the lockout information inxxxxxx_BWPS_lockouts table.
For more information please visit:
https://bit51.com/fixing-better-wp-security-lockouts/

Something I want to add. After you clear all the lockouts, you may need to inspect why they get lockout. Normally this plugin will lock or ban bad bots and hackers only. If legitimate users being locked, this may mean something wrong in one of the plugin or theme you’re using.

Most of the lockouts is due to 404 pages. The visitors who did multiple tries with gibberish in the URL were permanently banned. Many of the others, depending on the pages tried and number of times they tried were released.

Normally, legitimate users won’t generate 404 errors. If you having too many legitimate users getting 404 errors, it can be one of your plugin or theme you’re using is not properly written.

You may need to study the log file to find information which plugin (or theme) is the culprit. Then you should contact the author, hope it will be fixed on its next release.

I ever saw some of the plugins I’m using cause 404 errors.

Also, many caching plugins if not properly configured, can cause 404 errors too.

Hello.

You mentioned gibberish, that’s what this plugin works. Legitimate users usually visiting your website and pages via links. Typing gibberish in URL will be considered as hacking attempts, because hackers or bad bots might randomly combine some words in the URL, which is similar to that way, for scanning your website vulnerability or attacking.

If it frequently bans ‘real’ visitors, you may consider to:
– Disable Blacklist Repeat Offender
– Increase Error Threshold
– Shorten Lockout Period
– Even disable the 404 Detection

Many things can cause 404 errors. It can be simple mistake or a hacking attack. You may need to examine the error logs, study the pattern to know what the problem really is.