• Resolved kikeconk

    (@kikeconk)


    Hello, thanks for your time,

    I have a problem with a user who gets a Wordfence screen when he tries to access the web but his IP is not in the list of blocks, so I don’t know how to unblock it.

    Perhaps I don’t understand completely how Wordfence’s firewall works. When any user tries to log in several times with wrong credentials, unfortunately it happens with some of them, his IP is blocked, it appears in the list of blocked IPs with the reason of the block. That user can still see the web, he cannot log in even with a brand new, and correct, password until I unblock his IP but he can see the public web.

    Nevertheless the user I was talking about in the first paragraph is blocked in some different manner since he cannot see the web and I am not able to unblock his IP.

    May you please help me with this?

    Thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • Hello @kikeconk , Thank you for reaching out.

    If you cannot locate the IP in the Wordfence > Firewall > Blocking page, then the IP shouldn’t be blocked. It could be a cache issue on the user’s end. Can you have them try to log in from a different browser to test?

    As for your second question, it sounds like the Brute Force settings might be set too strict. You could navigate to Wordfence > All Options > Brute Force Protection and adjust any settings you might need there. I often recommend the following settings:

    Lock out after how many login failures: 5
    Lock out after how many forgot password attempts: 5
    Count failures over what time period: 30min
    Amount of time a user is locked out: 30min

    For more information on Brute Force Protection, you can view our documentation:

    https://www.wordfence.com/help/firewall/brute-force/ 

    Let me know if this helps. Thanks again!

    Thread Starter kikeconk

    (@kikeconk)

    Hello, Christian,

    Thank you so much for your answer.

    I am afraid I didn’t explain the issues properly because of my poor English, let me try again, please:

    1. The IP I am talking about is in the “Top IPs Blocked”, in the Firewall tab. But it is not in the Blocking tab, so I don’t know how to unblock it.
    2. When an IP is blocked because of several mistakes logging in, how does the ban work? Should the website be visible from that IP?
      I have made a test:
      – I have made several incorrect tries of log-in, like dozens, from an IP.
      – That IP appears in the blocking tab and I cannot log in even with the right credentials until I unblock it.
      – But, despite being blocked I can still navigate across the web.

      Is that the correct behaviour?

    Thanks

    Hello @kikeconk , thank you for clarifying,

    It could be that the IP Detection functionality of the firewall page is not working properly, I would need a diagnostic to identify the issue. You can send a diagnostic report to wftest @ wordfence . com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    To answer your second question, you are referring to the Brute Force Protection in our firewall. 

    What Brute Force Protection does is block an IP from attempting to login after a set number of incorrect attempts, the default is 20. 

    It then blocks them for a set period of time, the default is 4 hours. This is an IP block so a blocked IP should not be able to access the site at all.

    If you would like to change these default settings you can do so by navigating to Wordfence > Firewall > All Firewall Options > Brute Force Protection. The settings are labeled Lock out after how many login failures and Amount of time a user is locked out.

    Let me know if this helped,

    Christian

    Thread Starter kikeconk

    (@kikeconk)

    Thanks, I have just sent the report.

    About the Brute Force Protection, the fact is that when an IP is blocked because of several incorrect login attempts the block only affects the login function; users from that blocked IP can access the whole site, the only trouble they get is the login function.

    Thank you

    Hello @kikeconk , thank you for sending the diagnostic.

    We need to attempt to replicate the problem. If you could send us the login link to wftest @ wordfence . com so that we can troubleshoot the problem, that would be greatly appreciated.

    Thank you,

    Christian

    Thread Starter kikeconk

    (@kikeconk)

    Hello,

    I have just sent the email, with my user name in the subject.

    Thank you

    Kike

    Hello @kikeconk , thank you for sending over the information.

    I reached out to our QA team about your issue and they told me the following:

    “when failing logins repeatedly (or breaking most other login-related rules), Wordfence “locks out” the user, which prevents them from logging in or viewing normal WP login pages (though other plugins may allow logins in non-standard ways.) If the site has a contact form or support email address(es), this lets locked-out users reach the site owner about any issues.

    When other kinds of rules are broken, like Immediately block IPs that access these URLs, rate limiting, manual blocks, or Immediately block the IP of users who try to sign in as these usernames (even though it’s related to logins), Wordfence “blocks” the IP instead, which covers the whole site.”

    The brute force protection only prevents access to the WordPress login page and blocks users from logging in.

    About being unable to view the blocked user so you may unblock them, it may be a caching issue. This would explain why it appears on your Top IPs Blocked widget but not on the blocking page as the Firewall page is cached.

    In order to diagnose it I would need some screenshots of the Firewall home page, making sure to include the specific message you are receiving on Top IPs Blocked and a screenshot of the blocking settings you have enabled, you can reach this by going to All Options > Rate Limiting. If you could send those screenshots to wftest @ wordfence . com that would be greatly appreciated.

    You may also want to check the live traffic to determine what kind of block was done on the user. You can find that page at Wordfence > Tools > Live Traffic.

    I hope this helps,

    Christian
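
Added example, not part of the thread and not Wordfence's code: a small Python model of the lockout/block distinction the QA team describes above, using the 5-failure and 30-minute values recommended in the first reply. The class and method names, the login path set, and the rule that the lockout starts on the fifth failure inside the window are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5                  # "Lock out after how many login failures"
COUNT_WINDOW = 30 * 60            # "Count failures over what time period" (s)
LOCKOUT_TIME = 30 * 60            # "Amount of time a user is locked out" (s)
LOGIN_PATHS = {"/wp-login.php"}   # assumption: only the standard login page


class Firewall:
    """Toy model: lockouts cover login pages, blocks cover the whole site."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> failed-login timestamps
        self.lockouts = {}                  # ip -> expiry, login pages only
        self.blocks = {}                    # ip -> expiry, every request

    def record_failed_login(self, ip, now):
        q = self.failures[ip]
        q.append(now)
        while q and q[0] <= now - COUNT_WINDOW:   # drop failures outside window
            q.popleft()
        if len(q) >= MAX_FAILURES:                # assumed trigger: 5th failure
            self.lockouts[ip] = now + LOCKOUT_TIME
            q.clear()

    def block(self, ip, now, duration):
        # Manual block, rate limiting, blocked URL or username rules.
        self.blocks[ip] = now + duration

    def unlock(self, ip):
        """Clear the IP everywhere; report which lists actually held it."""
        removed = []
        if self.lockouts.pop(ip, None) is not None:
            removed.append("lockout")
        if self.blocks.pop(ip, None) is not None:
            removed.append("block")
        self.failures.pop(ip, None)
        return removed

    def decide(self, ip, path, now):
        if self.blocks.get(ip, 0) > now:
            return "blocked"          # whole site refused
        if path in LOGIN_PATHS and self.lockouts.get(ip, 0) > now:
            return "locked_out"       # login refused, public pages still served
        return "allow"


if __name__ == "__main__":
    fw = Firewall()
    for t in range(0, 300, 60):       # constructed input: 5 failures in 5 min
        fw.record_failed_login("203.0.113.7", t)
    print(fw.decide("203.0.113.7", "/wp-login.php", 300))  # locked_out
    print(fw.decide("203.0.113.7", "/shop/", 300))         # allow
```
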

    Thread Starter kikeconk

    (@kikeconk)

    Hello, Christian, thanks for the answer.

    Now I know how it works, I can see the difference between failing logins repeatedly and other kinds of rules. Got it, thanks.

    I think the customer I had problems with is somehow accessing now, probably after rebooting the router his IP changed.

    Anyway, in case it happens again it would be useful to learn how to unblock any IP, if it is possible.
    I have just sent you some screenshots, you will see there are a lot of IPs blocked in the Top IPs Blocked but most of them are not in the blocks tab.

    When the IP blocked is from some tiny island beyond Indonesia it is not a problem, but last week a customer, from this very city, had his IP blocked and I wasn’t able to unlock it as it wasn’t in the blocks tab.

    The blocking settings may look very restrictive but I can handle it, there are over 9000 users therefore I need to be strict, when anyone is blocked because of login failures he emails me and I can check it and unblock him.

    Thanks

    Kike

  • The topic ‘Cannot unblock an IP.’ is closed to new replies.