• Resolved neenunc

    (@neenunc)


    Hi Team,

    I need help regarding the Authorizer plugin. The plugin works well in all aspects, but I am facing some issues.
    My website is facing a brute-force attack (i.e., random user logins are being carried out with non-existing usernames (I checked them against our LDAP) and some usernames that already exist, but they were blocked by your auth_settings_advanced_lockouts_failed_attempts meta value).

    Whenever a failed attempt occurs, auth_settings_advanced_lockouts_failed_attempts in the wp-options table increments, and all users who try to log in to the website are blocked with the message “There have been too many invalid login attempts for the username”, even if the user tries with the correct credentials. A user who carries out a fresh login with correct credentials is blocked by this. How can I resolve this?

    Any help would be appreciated. Thanks in advance.

    • This topic was modified 3 years, 2 months ago by neenunc.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Paul Ryan

    (@figureone)

    Authorizer only includes basic brute-force protection; you may want to look into other plugins dedicated to this specifically:
    https://www.ads-software.com/support/topic/login-limit-exceeded-issue/

    Thread Starter neenunc

    (@neenunc)

    Thanks. I will go for iThemes Security.

    Thread Starter neenunc

    (@neenunc)

    Hi Paul,

    I tried the iThemes Security plugin. It works well, but there is no effect of this plugin along with the Authorizer lockout feature. So how can I disable this feature?

    I could see a section like this, but I am not sure how to disable it.
    After 10 invalid password attempts, delay further attempts on that user for 1 minute(s). After 10 more invalid attempts, increase the delay to 10 minutes. Reset the delays after 120 minutes with no invalid attempts.

    • This reply was modified 3 years, 2 months ago by neenunc.
    Plugin Author Paul Ryan

    (@figureone)

    Try setting those values so they don’t trigger. Example:

    After 999 invalid password attempts, delay further attempts on that user for 0 minute(s). After 999 more invalid attempts, increase the delay to 0 minutes. Reset the delays after 0 minutes with no invalid attempts.

    Let us know if that works!

    Thread Starter neenunc

    (@neenunc)

    It worked, Thanks!
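
The delay schedule quoted in this thread, modelled as an added example (not Authorizer's code and not written by either poster): a simplified per-username lockout tracker showing why the default values lock a targeted username while the 999/0/999/0/0 values never trigger. The class and function names are hypothetical, and the exact counting and reset semantics are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    attempts_1: int   # failures before the first delay applies
    delay_1_min: int  # first delay, in minutes
    attempts_2: int   # further failures before the longer delay applies
    delay_2_min: int  # longer delay, in minutes
    reset_min: int    # quiet minutes after which the counter resets

@dataclass
class LockoutTracker:
    policy: LockoutPolicy
    # username -> (failed_count, time_of_last_failure_in_seconds)
    state: dict = field(default_factory=dict)

    def _current(self, user, now):
        count, last = self.state.get(user, (0, 0.0))
        # Assumed semantics: forget failures after the quiet period.
        if count and now - last >= self.policy.reset_min * 60:
            count = 0
        return count, last

    def seconds_locked(self, user, now):
        """Seconds this username must still wait before a new attempt."""
        count, last = self._current(user, now)
        p = self.policy
        if count >= p.attempts_1 + p.attempts_2:
            delay = p.delay_2_min * 60
        elif count >= p.attempts_1:
            delay = p.delay_1_min * 60
        else:
            delay = 0
        return max(0.0, last + delay - now)

    def record_failure(self, user, now):
        count, _ = self._current(user, now)
        self.state[user] = (count + 1, now)

def simulate(policy, failures, target="alice", bystander="bob"):
    """Constructed scenario: one failed login per second against `target`."""
    tracker = LockoutTracker(policy)
    now = 0.0
    for _ in range(failures):
        now += 1.0
        tracker.record_failure(target, now)
    return tracker.seconds_locked(target, now), tracker.seconds_locked(bystander, now)

DEFAULTS = LockoutPolicy(10, 1, 10, 10, 120)  # values quoted in the thread
DISABLED = LockoutPolicy(999, 0, 999, 0, 0)   # values suggested to disable it
```

Because the counter is keyed by username, the bystander account is never delayed in this model; disabling the delays this way leaves brute-force throttling entirely to whichever dedicated plugin is installed.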

  • The topic ‘Authorizer login disables with stronger lockouts’ is closed to new replies.