• I get a certain message at login on a site or two of mine. I’m trying to figure out which plugin so I can deactivate it. I can’t deactivate all as the sites are live and would be unprotected. How do I troubleshoot to find out which is being naughty? (It blocks me from logging in yet my IP isn’t in any .htaccess in any directory).

Viewing 10 replies - 1 through 10 (of 10 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    I get a certain message at login on a site or two of mine.

    Are they errors? If so, do they reveal anything about the plugin? If not, check your site’s error logs to see if there’s more useful information there.

    Have you considered working locally so that you’re not tampering with your live site when debugging or developing?

    Thread Starter SickSquirrel

    (@sicksquirrel)

    The message is “ERROR: Login failed because your IP address has been blocked. Please contact the administrator” but I’m not in .htaccess. I’m not sure which plugin is doing this.

    Error logs don’t help me (see below)

    How do I work locally? I need to deactivate a plugin on live sites, right?

    [Fri Nov 01 19:35:17 2013] [error] [client 173.xxxxx17] ModSecurity: Access allowed (phase 2). Pattern match “css/wp-admin.min.css” at REQUEST_FILENAME. [file “/etc/httpd/conf.d/mod_security.conf”] [line “18”] [msg “WPImage4”] [hostname “www..com”] [uri “/wp-admin/css/wp-admin.min.css”] [unique_id “22HIEMy8ZAQAAB6uHJMAAAAE”]

    [Fri Nov 01 19:35:17 2013] [error] [client 173.xxxxx17] ModSecurity: Access allowed (phase 2). Pattern match “images/wordpress-logo.(?:jpe?g|gif|png)” at REQUEST_FILENAME. [file “/etc/httpd/conf.d/mod_security.conf”] [line “14”] [msg “WPImage”] [hostname “www..com”] [uri “/wp-admin/images/wordpress-logo.png”] [unique_id “22amHcy8ZAQAAB8bLNwAAAAP”]

    Nothing says, “IP blocked login failed.”

    The message is “ERROR: Login failed because your IP address has been blocked. Please contact the administrator”

    As I mentioned yesterday, it’s caused by the brute force protection feature in the All In One WP Security & Firewall plugin (assuming that’s the one you’re still using).

    The message is being generated in /all-in-one-wp-security-and-firewall/classes/wp-security-user-login.php on line 39.

    return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Login failed because your IP address has been blocked. Please contact the administrator.', 'aiowpsecurity'));

    [edit] My bad, it’s caused by the Login Lockdown Options, rather than the Brute Force protection feature.
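The lookup described in the reply above (tracing a login message back to the plugin file that emits it) can be done with a fixed-string search of the plugins directory. This is an added example, not part of the original thread or the plugin's code; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# find_message_source PLUGINS_DIR MESSAGE
# Prints "plugin-slug<TAB>path/inside/plugin:line" for every PHP line under
# PLUGINS_DIR (normally wp-content/plugins) containing MESSAGE verbatim.
# Search for the visible text only: the source may wrap part of the message
# in markup such as <strong>ERROR</strong> that the browser does not show.
find_message_source() {
    plugins_dir=${1%/}
    message=$2
    # -H always print the file name, -n line number, -F fixed string (no regex)
    find "$plugins_dir" -type f -name '*.php' \
        -exec grep -HnF -- "$message" {} + 2>/dev/null |
    while IFS=: read -r path line _rest; do
        rel=${path#"$plugins_dir"/}   # path relative to the plugins directory
        slug=${rel%%/*}               # first component = plugin folder name
        printf '%s\t%s:%s\n' "$slug" "${rel#*/}" "$line"
    done
}

# make_sample_tree: builds a constructed plugins directory for an offline run.
# The file layout mirrors the path quoted in the thread; the contents are
# filler except for the one line that carries the message.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    dir="$root/all-in-one-wp-security-and-firewall/classes"
    mkdir -p "$dir" "$root/some-other-plugin"
    {
        echo '<?php'
        i=2
        while [ "$i" -lt 39 ]; do echo '// filler'; i=$((i + 1)); done
        echo "return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Login failed because your IP address has been blocked. Please contact the administrator.', 'aiowpsecurity'));"
    } > "$dir/wp-security-user-login.php"
    echo '<?php // unrelated plugin, no login message' > "$root/some-other-plugin/other.php"
    echo "$root"
}

# Usage: sh script.sh /path/to/wp-content/plugins "text of the message"
if [ "$#" -eq 2 ]; then
    find_message_source "$1" "$2"
fi
```

Running this on a copy of the site's files (a backup or a local checkout) identifies the plugin without deactivating anything on the live site.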

    Thread Starter SickSquirrel

    (@sicksquirrel)

    Thank you!! I didn’t see a post yesterday or I’d not have posted again. I’m blocked by two sites but now I can deactivate that plugin, get in, uhm no. I can’t make change then reactivate. I need to bug their support folks. I’m thinking. If I deactivate then get in, once I reactivate it may kick me out before I can make changes. I will try but if I’m kicked out I will bug their support dept.

    But it’s strange I’m blocked yet can’t unban myself in htaccess. I wonder which file has my ip

    Oh oh oh while I have you, can I add a mailto HTML tag after “administrator”? If they are banned, they can’t get in to find my contact info.

    I mentioned in this reply that it was likely to be your security plugin.
    https://www.ads-software.com/support/topic/wp-loginphp-edit?replies=5#post-4824645
    I guess I thought you would continue on based on that information.

    But it’s strange I’m blocked yet can’t unban myself in htaccess. I wonder which file has my ip

    I suspect the blocked ip address is probably stored in the database rather than written to an htaccess file. Maybe somewhere around aiowps_login_lockdown > failed_login_ip, but that’s just a haphazard guess, I don’t know for sure.

    If you locked yourself out, you could always try using your ftp client to rename the plugin folder from all-in-one-wp-security-and-firewall to all-in-one-wp-security-and-firewall.BAK, and then see if you can log back in.

    Here’s some info that might help: https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/faq/ Click on the link on that page and then scroll down to ‘Helpful Troubleshooting Links and Tutorials’ and click on the link that says “Deactivate the plugin via FTP (If something has gone wrong)”

    Oh oh oh while I have you, can I add a mailto HTML tag after “administrator”? If they are banned, they can’t get in to find my contact info.

    You can if you want to, but I’m of the opinion it isn’t a very good idea.

    Thread Starter SickSquirrel

    (@sicksquirrel)

    I suspect the blocked ip address is probably stored in the database rather than written to an htaccess file. Maybe somewhere around aiowps_login_lockdown > failed_login_ip, but that’s just a haphazard guess, I don’t know for sure.

    If you locked yourself out, you could always try using your ftp client to rename the plugin folder from all-in-one-wp-security-and-firewall to all-in-one-wp-security-and-firewall.BAK, and then see if you can log back in

    I looked in every directory but don’t see that file, …failed_login_ip

    Same error as before. I rename, login, but when I activate it brings up the login page and I’m banned. Time to bug their support dept again

    You can if you want to, but I’m of the opinion it isn’t a very good idea.

    Why not? I’m curious

    Why not? I’m curious

    – It’s likely you would lose the edit every time you update the plugin

    – Unless you’re running a completely private site, or don’t have a contact form on your front page, it really isn’t necessary. While an IP address may get locked out of wp-login, it doesn’t get blocked from viewing your site or using your contact form – just from logging in.

    – mailto links (in my opinion) are an annoyance. Contact forms provide increased security for your site, and don’t require opening an email client on the users computer to send a message.

    You’ll find more discussions on the pros and cons than you might imagine (link goes to Google) – contact form vs mailto – but in the end it still comes down to whatever works best for you.

    [edit]..

    I looked in every directory but don’t see that file, …failed_login_ip

    As I mentioned, that’s probably a table located in your database. Not a file or directory.

    Thread Starter SickSquirrel

    (@sicksquirrel)

    You make sense. Neither site I’m locked out of is private. If they don’t have the brains to use the contact form on the site, their comment isn’t needed.

    Now, the db means PHPMyAdmin, right? Then I will try tomorrow from my laptop. I did contact Support but being the weekend I probably have to wait none-too-patiently. It can’t hurt too much to try and check the table. Since I’m whitelisted the ban is just, well, wrong.

    Thank you.

    People have tried to reset their password, and then try to log in again and get a message that their IP address has been blocked. What is causing this to happen? Is there a max number of times that someone can try to login unsuccessfully before it locks them out?
    Please provide me a solution as soon as possible

    If you require assistance then, as per the Forum Welcome, please post your own topic.

    This topic references an old version of WordPress.

  • The topic ‘How to determine which plugin is causing issues’ is closed to new replies.