Email logins cause IP lockouts with specific AIO setting

Hi, I am not really following your question? Can you provide more information?

Thank you

Hi,

I think I understand and can confirm the issue. It seems that when “Instantly Lockout Invalid Usernames” feature is active and user provides wrong password for valid email, its IP address is blocked immediately (despite the email is a valid username).

Thanks for reporting this!

Not quite. Even if a user provides the correct password and is actually logged in, the AIO add-in locks/blocks the IP (for subsequent logins from this IP) and shows an event.

Here’s a screenshot of the locked IP addresses after I logged in to my test server. I am the admin who is shown as the locked IP here, logged in via email, when the “Check this if you want to instantly lockout login attempts with usernames which do not exist on your system” is checked (on).

Edit to add: images not showing? Here’s the link: https://imgur.com/a/d5EqW

• This reply was modified 8 years, 4 months ago by bphilly.

True, I haven’t noticed that initially, but it really doesn’t matter, if password is correct or not. Thanks for feedback!

Hmm that’s a strange issue.
Thanks for letting us know – I will investigate further.

The new version of the plugin should fix this.

Thanks!

Was this addressed in version 4.2.2? I just updated to that version, and now I can’t login using an email address. It not only didn’t log me on (before this version, it did allow me to login, it just created the IP lock), but it still locks my IP address (as before), meaning to get logged in, I have to rename the plugin folder, login using my username (or email), and delete the locked IP record.

This seems like a step backwards.

@bphilly, please read the following thread. H think it is related to your current issue.

Regards

Thanks for the pointer. I read that thread after my post.

Hi @bphilly,
I am unable to reproduce the issue you are havng.
I just wanted to clarify the steps I took:
– rename login feature is enabled
– login lockdown feature is enabled and “Instantly Lockout Invalid Usernames” is enabled.
– I attempted to login to the system using a WordPress user who has an email address as the username and I was able to successfully log in with no lockout of my IP address.

Am I missing something in my steps? Can you please provide more details on how I can reproduce your issue?

Hi @bphilly, I just wanted to know more about your issue so I went ahead and carried the same test as @wpsolutions above. I can confirm that it is also working well for me. I can’t reproduce your error using my online test server.

Regards

Hi @wpsolutions,

I attempted to login to the system using a WordPress user who has an email address as the username and I was able to successfully log in with no lockout of my IP address.

This works, but try log in using email instead of username (this feature has been added to WordPress since 4.5).

• This reply was modified 8 years, 4 months ago by ?eslav Przywara.

Btw. as long as user has identical username and email, everything works fine. As soon as username and email differs and user tries to log in with email, this issue occurs.

@bphilly and possibly others with the same problem: I implemented a fix for this issue in a branch of my AIOWPSF fork.

If you are comfortable with installing plugins from GitHub, feel free to check it out and let us know whether the fix works for you or not.